Password recovery questions are too insecure!
Your default list of questions for password recovery are so easy to guess that it's laughable.
For example, a typical user will pick the easiest questions, like "What is your date of birth" and "What is your favorite color"? Or perhaps: "What is the color of your car"? and "What is the color of your eyes?" You can't be serious..I know the color of every employees car by looking out my window, and the eye color is quite obvious.
Any employee can easily find out the answers to these questions. Also, what if they pick a favorite color, but I have a 5 character minimum? So basically: "What's your favorite color, as long as its 5 characters or more?." That narrows down the answer, doesn't it?
I would not use your product in it's current state because it would be a great security risk.
I recommend you either re-write these questions to make them more difficult to guess, OR give us the option to write our own questions (although I'd rather have pre-made questions if I'm paying for a product).
Sorry if this sounds negative. I am interested in your product, but I need more security.
Thanks
For example, a typical user will pick the easiest questions, like "What is your date of birth" and "What is your favorite color"? Or perhaps: "What is the color of your car"? and "What is the color of your eyes?" You can't be serious..I know the color of every employees car by looking out my window, and the eye color is quite obvious.
Any employee can easily find out the answers to these questions. Also, what if they pick a favorite color, but I have a 5 character minimum? So basically: "What's your favorite color, as long as its 5 characters or more?." That narrows down the answer, doesn't it?
I would not use your product in it's current state because it would be a great security risk.
I recommend you either re-write these questions to make them more difficult to guess, OR give us the option to write our own questions (although I'd rather have pre-made questions if I'm paying for a product).
Sorry if this sounds negative. I am interested in your product, but I need more security.
Thanks