Do you have a question? Post it now! No Registration Necessary. Now with pictures!
September 13, 2007, 2:10 pm
rate this thread
reveal private information to them in clear text.
How can this be good? Am I wrong, or are we giving system administrators
and others around the globe access to our banks and mutual funds? Because
sooner or later, somebody is going to use my dog's name to try to
get access to my accounts via the security question.
I mean, now they're starting to put more security questions in, but with 8
to choose from, that's like using a 3 bit security algorithm.
How about this as an alternative: have the user put in two passwords.
Maybe a PIN and a PUK. Or just have the security quesition be optional.
These sites often let you reset your password by mail anyway,
so what's the point?
- Ertugrul Soeylemez
September 16, 2007, 3:09 pm
Re: security questions
This is where your view is wrong. Security questions don't demand true
answers. To the question, "what's the name of your dog?", would you
really tell the name of your dog? Use anything _but_ the name of your
dog. View this as a password prompt, where you can choose the prompt
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.