Forum OpenACS Development: Re: Can question/secret answer be removed from password recovery?
the email on file for that username
How will you recover the user's password? With the current scheme, I believe the password is hashed using ns_sha1 and irrecoverable, which is why the system needs to reset the password when the user forgets it.
The only reason I can think of to retain the "question/secret answer" protocol is that it prevents a malicious person from resetting (and emailing) a known user's password on, say, an hourly basis. I have never heard of such a case, but it would be annoying to say the least. Also, it might give users the warm fuzzies since it appears to have become a standard across many sites.
I vote to retain it.