Many website owners and companies do not spend enough time considering security. Things are slowly getting better, but not at the speed required to counter fraud and identity theft.
Gnucitizen made a clear post regarding how password recovery works (warning - it gets quite technical towards the end). It is a great explanation of the 4 different automatic password recovery/resetting methods, including pros and cons. The second part of the post also gives interested readers a step-by-step description of how to automate the testing process.
If you still do not get the message - consider this:
You are able to automate testing in order to counter hackers. It is easy and takes very little knowledge and effort, so it is not very expensive. You may or may not choose to do it. One thing is certain, though - hackers and ID-thieves already do this, as they have done for years.
Your choice is simple: either test and alter your code as required, or wait until you are losing data. Not a hard choice, is it?


