George Kirikos wrote:
> > I contacted OpenSRS support to ask them to disable this "feature"
> > from
> > my account, and I received this response:
>
> I've been concerned about this issue too. In the rush to add
> "features", security has been weakened.
I was kind of surprised that OpenSRS sees a demand for such an option -
are there really that many RSP's that regularly forget their passwords?
> Ideally, folks should be able to opt out of this. I know I would be
> first to disable this. I'd only want a new password sent if there was
> *stronger* authentication, e.g. via telephone call to the contact
> (OpenSRS calls the number on record, to verify the request), or fax.
I agree.
> E-mail has the security of a postcard. Does one want one's passwords
> sent via postcards?
>
> Other features to enhance security would include:
Very good suggestions.
--Josh Levine
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:37:45 EDT