Why is challenge-response approach a poor solution for forgotten passwords?


Problem description

My company is developing an online HR and Payroll application where securing access is critical. I'm clear on how to lock down most of the authentication/authorization processes, except for the 'Forgotten Password' page.

My initial plan was to require the user to enter both an e-mail address and a response to a previously selected/entered challenge question, with a temporary password being mailed to the e-mail listed (assuming the e-mail is valid). But I've read here (http://stackoverflow.com/questions/549/the-definitive-guide-to-website-authentication-beta#477583) and here (http://stackoverflow.com/questions/522967/forgot-password-what-is-the-best-method-of-implementing-a-forgot-password-functi) (both on SO) that the challenge-response approach is insecure.

If we're only e-mailing a temp password though, is it really that insecure? The only more secure option I can think of would be to require the user to call their Customer Service Rep, which would greatly burden our employees.

What am I missing ... is there a better approach? Thanks!

Recommended answer

Don't email a temp password, email the user a URL+token to a reset-password page. That way no password is ever changing hands unencrypted. It's also immediately obvious to the end-user that their account has been compromised if they try to go to that page and the reset token has already been used.

Added from comments:

I think challenge-response ("secret question") aspects actually make things less secure, because they are generally things that can be discovered by researching public info about the target. The fewer steps total, the fewer that can be broken without anyone knowing. Letting reset emails go early and often is a good way to let a human know the attempt is being made.
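An added example, not code from the answer or from either linked thread, of the token scheme the answer recommends: issue a random single-use token, store only its hash together with an expiry, and report the "already used" state so the reset page can tell the user that someone else redeemed their link. The 15-minute lifetime and the in-memory store are assumptions made for the example.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link

# Constructed in-memory store (token hash -> record); a real deployment uses the database.
_reset_tokens = {}


def _token_key(token):
    # Store and look up only the SHA-256 of the token, so a leaked table yields no usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_token(user_id, now=None):
    """Create a single-use reset token for user_id and return the raw token for the e-mailed URL."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of randomness, not guessable
    _reset_tokens[_token_key(token)] = {
        "user_id": user_id,
        "expires": now + TOKEN_TTL_SECONDS,
        "used": False,
    }
    return token


def reset_url(base_url, token):
    """Build the link placed in the e-mail; the token is the only secret it carries."""
    return f"{base_url}/reset-password?token={token}"


def redeem_reset_token(token, now=None):
    """Return (status, user_id) where status is 'ok', 'used', 'expired' or 'invalid'.

    'used' is the case the answer describes: the link was already consumed, so the reset
    page can warn the user that their account may have been accessed by someone else.
    """
    now = time.time() if now is None else now
    rec = _reset_tokens.get(_token_key(token))
    if rec is None:
        return "invalid", None
    if rec["used"]:
        return "used", rec["user_id"]
    if now > rec["expires"]:
        return "expired", rec["user_id"]
    rec["used"] = True  # single use: any later visit with the same link reports 'used'
    return "ok", rec["user_id"]
```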

