[OpenID] Password age and password reset
Eric Sachs
esachs at google.com
Wed May 13 18:22:35 UTC 2009
>> If the user passed the test, then the "suspicious activity" was
>> legitimate and no password reset is necessary.
Assuming for a moment a user "passed the test." Are you suggesting that
account should now be accessible with the original password? Because if so,
then the attacker who phished that user still has a password that will get
them into the account.