Monday, December 12, 2011

At what point is a password actually reset?

Let's assume you have a "friend" that goes to the recover password page. He enters your date of birth and zip code. This causes a temp password to be sent to your alternate email address. Since the "friend" does not have access to the email address he can't take any further action. If you then try to sign in would the original password still work? I wonder if this is the method of attack when people say their password doesn't work all of a sudden.|||I doubt Yahoo (or any other succesful vendor) will actually change your password. It will cause them too much of a grief with false reports.

They don't actually need to change the PW at all - all they need do is enable you to change it yourself, by allowing you to log-in thru without having your password so that you can set a new PW.

No comments:

Post a Comment