Combination Press Plough Plane
Articles Forums Gallery Marketplace Videos

WoodCentral Forums

Est. 1998 — 27 years of woodworking knowledge

Reach the woodworkers who ACTUALLY BUY

Forgotten passwords

Posts

Forgotten passwords

Edited #1

admin

This puzzle concerns the process of resetting login information through a "Forgot Password" feature. In our forum system, users are prompted to input their email address. If the system locates the email in its database, it sends instructions via email. However, if there's no match found, it refrains from indicating this. From a security perspective, why might this approach be advisable?

Re: Forgotten passwords

Solution #2

If you assume the login attempt is hacking then not giving an indication of why there is no response to the request  provides the hacker with less information to base another attempt on. Of course, like all security stuff, it makes it more difficult for a legitimate user, In this case for example, if the email of record is bad or out-of-date, or some other issue.

👍 This page answered my questions

Your vote helps other woodworkers quickly find the answers and techniques that actually work in the shop.