I am working on web applications where - believe it or not - users are not required to provide their email address to register. These requirements cannot be changed. Users will be logged in with an identifier and password, like any standard website. The problem I am facing is that the user has forgotten his password. When they want to create a new one, how can I verify their identity?
Initially, I was going to get users to select a secret question (from list 5) and give an answer. If they ever went to the Forgot Password page, they would have to enter their login ID, as well as the answer to their security question. This seems a little unsafe, since the answer to these types of questions (mother’s name, city of birth, etc.) is usually not so difficult to obtain.
So here are some of my questions:
Any help / comments / literature on this subject would be greatly appreciated.
?
( , OpenID ..), , . , " " .
, ??
, , " " " ". , () / , , , .
. /.
CAPTCHA " "?
, - , . , SO: reCAPTCHA
, Google , , , Q & . ( ) . , , . 1 . , , , , , ( - 30% - 3- ).
, , , 8 26 .
, , . , - ? , , , reset ( , ). , .
!
Source: https://habr.com/ru/post/1712493/More articles:Programmatically determine if a given VOB is installed in ClearCase - clearcaseICEFaces actions against actionListener - javawcf Service Known attribute type attribute - wcfWhat is the best way to save and load in my program? - c #Как я могу ударить встроенное изображение 1px, но не остальную часть строки? - htmlHow to model one-to-one relationships in Django - pythonDoes anyone know a system like CMS Asp.Net C # with a form module - c #spring beanpostprocessor not working on component scan? - javaBiscuit. Random ways. How to Rewrite URLs - asp.netCan I prevent duplicate content using md5? - hashAll Articles