Many website owners and companies do not spend enough time considering security. Things is slowly getting better, but not in the speed required to counter fraud and identity theft.
Gnucitizen made a clear post regarding how password recovery works (warning - it gets quite technical towards the end). It is a great explanation of the 4 different automatic password recovery/resetting methods, including pros and cons. The second part of the post also gives the interested a step-by-step description of how to automate the testing process.
If you still do not get the message - consider this:
You are able to automate testing in order to counter hackers. It is easy, and takes very little knowledge and effort, thus it is not very expensive. You may or may not choose to do it. One thing is certain, though - hackers and ID-thieves allready do this. As they have done for years.
Your choice is simple: either test and alter your code as required, or wait until you are loosing data. Not a hard choice, is it?
Delicious
StumbleUpon
Reddit
Facebook
Google
Yahoo
Explore Security Bloggers Network
Happy to help
Hi Adam, thank you for your nice comment! I am happy to see you here! K
Thanks Kai
Post new comment