All geek questions in one place

Simple authentication scheme

I have an online registry of professionals with approximately 300 members. These are smart people, but not technical. Currently, if someone forgets their email address, the system sends it to their email address.

The problem is that people change their email addresses over time, then forget their password and cannot receive a reminder.

I need to create a simple authentication system that allows people to recover their passwords even if they change their email address.

I try my best to come up with everything that is even moderately safe, that does not require users email address.

Can anyone suggest something?

+3
source share
2 answers

Save your mobile numbers for sending SMS messages - they may change less frequently or at least not coincide with email addresses.

Also consider handling this case through manual support if the user base is only 300; but if you do, remember to be diligent in having your verification method manually. :)

+4
source

The most common practice would be to introduce additional questions with registered answers that would allow the user to reset their email address and password. (Although only one at a time, and the second only after checking the first).

for instance

What city did you grow up in? Where did you go to college.

, 3 . , 3 .

0

Source: https://habr.com/ru/post/1734194/

More articles:


All Articles