security question for change password

[dadamssg]

i want to have a security question for a user to change their password...i was wondering what you guys thought would be the best way to do it. Have how many questions for options? should i have a text field for their answer and another one to re-type their answer to make sure they input what they intended? should i have the text field hidden like a password? or just make it a normal text field? should i md5 it going into the db? i want to have a good register form to learn the demographics of my users, but don't want too many things for them to fill out. right now i have 10 fields for them to answer.(username,first name, last name, password, birthday, etc) any thoughts would be appreciated! thanks!

[Festy]

To be honest it's just a matter of choice how much security you want to provide to your users. You can use a text field for user's answer and then md5 it into its way to database. You can have a hidden field too.

 

Whatever you do, just make sure your user doesn't get annoyed by typing and clicking so many things. Just think of yourself as a user, you certainly wouldn't want too much hassle, would you ?