Fedora Account Change

Thomas Spura tomspur at fedoraproject.org
Wed May 30 09:53:52 UTC 2012


On Wed, May 30, 2012 at 9:41 AM, Fabio M. Di Nitto <fdinitto at redhat.com> wrote:
> On 5/29/2012 11:45 PM, Andre Robatino wrote:
>> Kevin Fenzi <kevin at ...> writes:
>>
>>> I think adding a 'security question(s)' feature would be great.
>>>
>>> I would strongly suggest however that the questions and answers be free
>>> form. There's little security in canned security questions that have
>>> answers people can find out, i.e., 'What was your high school?'
>>
>> I just use a password manager and if a site forces me to answer "security"
>> questions, I put them in the Notes section using strong random passwords for the
>> answers. For example
>>
>> What was your high school? 48ZGrNaDQR75
>>
>> I think the security questions should be optional in any case to save the
>> trouble of having to make and store several strong random passwords rather than
>> just one.
>
> Or maybe have primary (company?) email and private email registered.
>
> Instead of re-inventing a whole new chunk of code by introducing a
> security question and all, simply allow 2 emails to be valid at any
> given time.

Another possibility would be to let 2 people from an "important" group
guarantee that the person requesting access to an account is the
proper one.
E.g., when you know 2 ambassadors/packager/translator/whatever in
person or somewhere else, you can be sure it's the same one, I don't
see a reason to get him/her access to the account again.
This is kind of similar to verifying the GPG key given in the account.

(hint: "Important" group above means non-cla and non-fedorahosted-git*
group for me.)

Greetings,
   Tom

