Slashdot Mirror

← Back to Stories (view on slashdot.org)

How are 'Secret Questions' Secure?

Posted by ryuzaki0 on from the security-versus-usability dept.

Anonymous Howard wonders: "It seems that every authentication system these days requires me to provide the answers to several personal questions, such as 'Mother's Maiden Name' and 'Name of High School' for resetting lost passwords. I've always disliked this method because it is completely open to anyone with some personal information about me, but now it seems that its security continues to degrade as more and more Help Desk Reps can easily see this same information about me. Can anyone explain to me how these questions/answers, which seem to vary little among systems, are in the least bit secure?" You have to have some way of identifying yourself if you forget your password. If you feel the same way about these 'secret questions', how would you implement a secure facility to change passwords?

4 of 116 comments (clear)

  1. Why follow the rules? by goofyheadedpunk · · Score: 2, Informative

    Who says you have to answer that silly secret question with what it's actually asking for? You could think up a non-public answer ahead of time to the question, "What High School did you go to?" and give that non-public answer. Seems to be a bit more secure than giving an answer which is actually true.

    For example:

    Question: "What's your mother's maden name?"
    Answer: "Sheatemybrotherssoul"

    --

    What if the entire Universe were a chrooted environment with everything symlinked from the host?
  2. stupid by Anonymous+brave+dude · · Score: 2, Informative

    Whenever I am presented with one of these, I just mash on the keyboard for a bit. I remember my passwords.

  3. Re:The sites that need it, shouldn't use it. by pyrrhonist · · Score: 3, Informative
    ..which means you now have to have an insecure file on your computer storing your different made-up answer for each site... I hope to god that's encrypted and password-protected out the wazoo.

    KeePass

    --
    Show me on the doll where his noodly appendage touched you.
  4. Re:You just have to ask yourself the question... by Rakshasa+Taisab · · Score: 2, Informative

    You just messed up a one line joke...

    There's no question mark there, which is why Tycho goes on to question whetever it is a question or a statement.

    --
    - These characters were randomly selected.