[DUG] In case you're interested (or buy stuff)

[Kyley Harris]

>Integrate with active directory and you never have to worry about
passwords, 
>etc. again.  Push the problem back to the client and let their IT dept
sort 
>it out themselves.

Kind of depends what you are writing.
If you are storing thousands of clients and passwords for a webbased
system then this is obviously a no go ;)

I do think that the safest mechanism is for the computer administrator
to somehow be integrated with the application to allow them to logonto
the app for adjusting forgotten passwords etc.

This all depends on the type of system that you are writing. Most of
Rohits clients are simply not going to have Active Directories. And are
similar to my fathers clients I would guess in their ability to ask what
the power button is for :-P I guess having a backdoor password to a
semi-secure app is better than having an app with no security at all.