Schneier on Security: Balancing Security and Usability in Authentication

Users forgetting their passwords can be expensive—sysadmins or customer service reps have to field phone calls and reset passwords—so some systems include a backup authentication system: a secret question. The idea is that if you forget your password, you can authenticate yourself with some personal information that only you know. Your mother's maiden name was traditional, but these days there are all sorts of secret questions: your favourite schoolteacher, favourite colour, street you grew up on, name of your first pet, and so on. This might make the system more usable, but it also makes it much less secure: answers can be easily guessable, and are often known by people close to you.

via Schneier on Security: Balancing Security and Usability in Authentication.

Again… refer to my series on passwords. In the search bar, type the keyword "passwords".

Passwords continue to be both the frontline of computer security and ultimately the weakest point. I suppose the next step will have to be some form of two-factor authentication even for the home user. Maybe RFID chips too….
