Tuesday, June 14, 2011

High Likelihood Of Fail

Today I had to create an account on a certain telecommunications giant's web site. I had three security questions to set answers to. These are great examples of poor security questions.
Three out of the four questions can easily change with time. There's always new restaurants, actors and singers. The first question is somewhat vague.
Here we have two decent questions out of five. Again, there are always new hobbies, films, and authors.
Two for five again. So for nine out of fourteen questions your answer could change in a year or two. Not good. If nothing else this highlights the need for password management software. Something you can not only keep your logins and passwords, but also the answers to your security questions. Why would you need the security question answers if you are properly logged in? Because some sites ask you a question or two when you want to change your account information.

No comments: