You know like they have for emails?

Secret Answers etc?

Well I think something like that for vB would be good...

Make them only viewable to userid 1, and only editable by the Admin after set...

The user must provide the Secret Answer to change it...

Good idea or non?

Satan

Personally I think email is more secure as it goes direct to the person, where as this a person could sit there trying words, or may know the answer to the question. A good idea none the less ;)

True...

But you could put a limit to the amount of tries, like 3 attempts, and then the account gets put into another usergroup, like "Users awaiting Email Confirmation"...

Emails are secure in some sense, but as you know, they can be hacked;)

Satan

Indeed, agreed. Limiting the number of tries would be a better way, also emailing the user & admin of failed attempts (including the IP, if a cookie or session identifies them as anyone) and also email the user when the correct answer is given and the password is changed. Just a few thoughts ;)

That would be good:)

So...Whos gonna do it?

*looks directly at YOU, thread viewer;)*

Satan