• Marc Hedlund: "Yahoo, you IDIOTS! WHAT are you thinking!? If you use birthdate as a means of password recovery, why would you put that information right on a user's home page? If it's supposed to be a shared secret, don't you think you ought to keep it secret?!"
• Mikel Maron: "I wrote that feature."

2003/01/17 · 2 COMMENTS · Link

Comments

Anyone who is relying on the security of their birthday is probably SOL regardless of which Web sites they use. All it would take is one disgruntled cousin and the next thing you know, the terrorists have won.

#1 · Rogers Cadenhead · -1/11/30

just to clarify ... i wrote the "happy birthday" thing, not the password recovery thing. nothing wrong with that -- people's birthdays are usually not a secret.

yes, birthday is not a good security measure. however password recovery requires answering the "secret question" as well.

#2 · mikel · 2003/01/17

Add a Comment

All comments are moderated before publication. These HTML tags are permitted: <p>, <b>, <i>, <a>, and <blockquote>. This site is protected by reCAPTCHA (for which the Google Privacy Policy and Terms of Service apply).