what would be interesting to me see in a court of law is instances where there is a recovery option. if the challenge/responses are not freely given would the courts permit guessing based upon known information about the accused in order to reset the password?
second, how many recovery processes actually protect the challenge/response information and even require it to generate a new password?
now this won't work for devices secured by password that don't have an outside reset but for online accounts want prevents law enforcement from spoofing the system?
> now this won't work for devices secured by password that don't have an outside reset but for online accounts want prevents law enforcement from spoofing the system?
The power to subpoena evidence from the service is powerful and the tool likely to be reached for in such a case. Unless you mean an online account storing encrypted info?
second, how many recovery processes actually protect the challenge/response information and even require it to generate a new password?
now this won't work for devices secured by password that don't have an outside reset but for online accounts want prevents law enforcement from spoofing the system?