Question

I am using Asp.Net Forms Authentication , I am storing passwords in Hashed format and I do require a Question and Answer.My question is that what happens if a user forgets his security question s answer and his password.So without that I wont be able to generate a random password.What happens in such case , is the user left with only option to create a new account .Or should I link a table to store his question and answer in plain text and then pass the answer while resetting the password.I am sure you guys might have seen this a lot of times.How can I solve this. Any suggestions are welcome. Thanks

Answer 1

如果用户不了解他/她的问题/回答,你可以总是有系统发送电子邮件,链接到密码恢复网页。在这里,你可以问问他们,根据他们在创建账户时掌握的更敏感的信息,他们知道答案(姓名、地址等)。

Be 警告,只有在贵方网站不像银行网站,而且安全地点低的情况下,才能做到这一点。否则,将遵循Walter s和AakashM在安全论坛的建议和职位。

Answer 2

正如其他人所说的那样,这一问题实际上不是一个方案拟定问题,而是一个更多的安全设计问题,将在上得到更好的回答。

尽管如此,如果贵国网站的安全需要相对较低(而不是银行一级的安全),我认为,把你存档给用户的电子邮件地址的新密码发送到电子邮件地址就足够了。如果用户能够用电子邮件提供人进行认证,那么他们就证明自己(假定其电子邮件账户有失灵)。这就是有多少网站运行。

Answer 3

您应了解以下链接:http://www.asp.net/web-forms/tutorials/security/admin/recovering-and-changeing-passwords-cs”rel=“nofollow”http://www.asp.net/web-forms/tutorials/security/admin/recovering-and-changeing-passwords-cs。

友情链接