| the process is like this
| step1. user registers on the site
| step2. user login
| -user is asked a random question.
| if answer is correct he is logged in.
| if answer is wrong he is not logged in.
What kind of questions? Is it like "when was the last time you
logged in?" and so on?
Once I forgot my ICICI card PIN, and called up their helpdesk for
a PIN change. They asked me to recall the last two transaction
amounts. I couldn't, and had to go to their office, fill a form
and get it done.
So what will your auth system do when a valid user is not able to
answer the random questions? Ask more questions?
saha
--