For enhanced security, we can use security questions and use them as a means for users to reset forgotten passwords or as an additional means for authenticating. When would we be the right time to answer the security questions? 1- at the time a new user creates a new account with the web application (enter username, password, and answer security questions)? 2- or at the time of first log in (after confirming the e-mail is valid)?
Is there any security and user experience factors to lean to one of these options?
Aucun commentaire:
Enregistrer un commentaire