Empty Lost Password Questions allowed

A user reports this security issue on cacert-support:

When I tried to see what happens if I clicked on Lost Password, I saw I only had to
give my date of birth to change the password. This was because I did not set any of
the validation questions. (I did now btw). 

So if someone has both the birthdate AND e-mail address (which you give if you are
assured for CACert or Thawte) there is a possibility to change the password if the
validation questions are not set.

My suggestion: make it mandatory to set the validation questions and/or send an
e-mail ping.

This would increase security. I also discussed this with Martijn Heemels (also
CACert member) and he also agreed.

Comments

ContentReviewTeam/case0023 (last edited 2008-05-22 22:17:08 by anonymous)