>In fact, the reason I want to be able to see the passwords is just as >persuasive from a security standpoint. Since I now have several hundred >people with access to these computers, and since stealing one another's >computer identities is, at times, an indoor sport for students, I want >to be able to ask them **what they think** their password is. If their >answer is close, I can correct their mistake over the phone--otherwise >they have to truck over to my office with ID. If I can't do this, then I
Sounds like you could implement a "digital id" when they sign up. The "digital id" would be like a 2nd password known to you and the user. If they forget their pw and call you up, you get the "digital id" over the phone and go from there.
>For the first 8-10 years of its existence, TF displayed openly the >passwords. I don't think it is necessary to go to the other extreme and >not let anyone see them--the fact that I can do that using resedit
10 yrs ago the online world was a lot different. You dialed up a couple of BBSes tranfered files, and chatted. Maybe sent email to other users on the BBS.
Now, you've can shop, bank, and trade stocks online. The value of passwords has increased accordingly. I don't want the sysops of those systems to know my password, whey should I want you to know my password? If you know one, you can probably guess the other don't you think?
Roel Wigboldus wrote:
>We NEVER disclose a complete password by phone, unless we personally know >the user. In the same way we NEVER give him or her a new one, unless we >are 100% convinced to deal with a bonafide user.
Exactly. You need to confirm who they are first. You can also use the phone number they supplied when signing up and call them back. You don't need to know their password to confirm their identity.
