melbo
Well-known member
Seems like this happens monthly: member emails me with a brief statement 'like can't get in. help' or 'my password isn't working. won't let me in. i quit'. I used to manually reset their pass and email it to them with instructions on how to change it once they successfully logged in. I now realize that this isn't a good way of handling this as it could be someone attempting to access a user's account through a socially engineered vulnerability (me, the helpful admin).
Been thinking about how to best handle this next time.
Instruct them to perform a password reset and ignore further pleas for help?
Ask them to describe something about themselves (other than location or email address)?
Made me think that it might be a good idea to incorporate some required security questions at registration. These questions would be hidden but viewable by an admin and could be used as a challenge when someone reaches out for manual help.
Anyone experience this or have other ways of dealing with the situation?
Been thinking about how to best handle this next time.
Instruct them to perform a password reset and ignore further pleas for help?
Ask them to describe something about themselves (other than location or email address)?
Made me think that it might be a good idea to incorporate some required security questions at registration. These questions would be hidden but viewable by an admin and could be used as a challenge when someone reaches out for manual help.
Anyone experience this or have other ways of dealing with the situation?
If just seems flawed to me. 
