Essays Tagged "ComputerWeekly"
Secret Questions Blow a Hole in Security
It’s a mystery to me why websites think “secret questions” are a good idea. We sign up for an online service, choose a hard-to-guess (and equally hard-to-remember) password, and are then presented with a “secret question” to answer.
Twenty years ago, there was just one secret question: what’s your mother’s maiden name? Today, there are several: what street did you grow up on? what’s the name of your favorite teacher? what’s your favorite colour? Often, you get to choose.
The idea is to give customers a backup password. If you forget your password, then the secret question is a way to verify your identity. It’s a great idea from a customer service perspective – users are less likely to forget their first pet’s name than some random password – but terrible for security…
Sidebar photo of Bruce Schneier by Joe MacInnis.