How are 'Secret Questions' Secure?
Anonymous Howard wonders: "It seems that every authentication system these days requires me to provide the answers to several personal questions, such as 'Mother's Maiden Name' and 'Name of High School' for resetting lost passwords. I've always disliked this method because it is completely open to anyone with some personal information about me, but now it seems that its security continues to degrade as more and more Help Desk Reps can easily see this same information about me. Can anyone explain to me how these questions/answers, which seem to vary little among systems, are in the least bit secure?" You have to have some way of identifying yourself if you forget your password. If you feel the same way about these 'secret questions', how would you implement a secure facility to change passwords?
You just have to ask yourself the question... (Score:5, Funny)
Uh oh, phishing alert... (Score:1, Funny)
Um, can't answer that, it's my secret question.
Re:Why follow the rules? (Score:3, Funny)
An old friend of mine would choose the "favorite historical figure" option, if available, and he would answer "Hitler." He said you wouldn't expect it of a black Jewish guy, and that's what was so great. It's not likely to be guessed.
Re:The sites that need it, shouldn't use it. (Score:5, Funny)
I'll bet she couldn't WAIT to get married!
On a related note, we must be cousins.
"What is my password?" (Score:3, Funny)
Re:Create your own question (Score:3, Funny)
There was a comedian... (Score:2, Funny)
Re:The sites that need it, shouldn't use it. (Score:3, Funny)
OBPennyArcade (Score:3, Funny)
That has its own problems:
http://www.penny-arcade.com/comic/2006/07/12
Some systems won't accept the real answer (Score:2, Funny)
Funny secret question situation... (Score:5, Funny)
Question: How do I masturbate in the shower?
Answer: With my SpongeBob SquarePants friend.
Question: What is the most sexually satisfying farm animal?
Answer: The Llama.
I am not sure who was more embarrassed, me or the agent, as I had forgotten that I even made up those questions in the first place.
Re:OBPennyArcade (Score:3, Funny)
So, there may be other reasons not to use this sort of system.
But, fundamentally, it's a horrible security measure and should be taken out and shot.