Status
Not open for further replies.

City of birth? Why password questions are a terrible idea

588 views 1 reply 2 participants last post by  Wizmo 
#1 ·
Using secret questions to give people access to their passwords is a terrible idea, according to a new paper from Google.

A white paper [PDF] called "Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google" dug into the data of millions of users' interactions with a range of password-recovering questions and concluded they were not only largely ineffective, but also a security risk.

The idea is a fairly logical one: to let someone access their account if they have forgotten their password, give them a question that is likely to be specific to an individual and use their answer to verify who they are.

The problem? We can't remember the answer most of the time, or we actually purposefully lie to ourselves and give the wrong answer in the belief that it will make the system more secure (not realizing of course that we will forget the fake answer all too quickly).
City of birth? Why password questions are a terrible idea • The Register
 
#2 ·
My problem with many of these so-called security questions is their relevance. I'm totally clueless about sports, never participated and don't follow anything related to it whatsoever! A lot of these questions ask about sports, favorite (name sport) player - haven't a clue! Also siblings' middle names (what if you are an only child)? First pet's name - (what first pet - I never named my goldfish)? Things like this drive me crazy, as only the first question usually has any relevance at all. The second or third question has no relevance to me in ANY of the choices offered, yet you are FORCED to provide 3 questions and answers!

RUBBISH!
 