Slashdot Mirror


Secret Security Questions Are a Joke

Hugh Pickens writes "Rebecca Rosen writes that when hackers broke into Mat Honan's Apple account last week, they couldn't answer his security questions but Apple didn't care and issued a temporary password anyway. This was a company disregarding its own measure, saying, effectively, security questions are a joke and we don't take them very seriously. But even if Apple had required the hackers to answer the questions, it's very likely that the hackers would have been able to find the right answers. 'The answers to the most common security questions — where did you go to high school? what is the name of the first street you lived on? — are often a matter of the public record,' writes Rosen, 'even more easily so today than in the 1980s when security questions evolved as a means of protecting bank accounts.' Part of the problem is that a good security question is hard to design and has to meet four criteria: A good security question should be definitive — there should only be one correct answer; Applicable — the question should be possible to answer for as large a portion of users as possible; Memorable — the user should have little difficulty remembering it; and Safe — it should be difficult to guess or find through research. Unfortunately few questions fit all these criteria and are known only by you. 'Perhaps mother's maiden name was good enough for banking decades ago, but I'm pretty sure anyone with even a modicum of Google skills could figure out my mom's maiden name,' concludes Rosen. Passwords have reached the end of their useful life, adds Bruce Schneier. 'Today, they only work for low-security applications. The secret question is just one manifestation of that fact.'"

14 of 408 comments

  1. That's Not Possible by MightyMartian · · Score: 4, Funny

    I'm sorry. Apple cannot make mistakes anymore. Clearly this is just anti-Apple-types trying to give the greatest, most wonderful, most lauded, most glorious company that has ever or will ever exist.

    I'm now turning my iPod up to 11 to drown out the filthy lies of the naysayers. Jobs be praised.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
    1. Re:That's Not Possible by nazsco · · Score: 3, Funny

      iPads only go up to 10. 11 would be too complicated, like a second mouse button.

  2. What is Your Favourite Colour? by Jeremiah+Cornelius · · Score: 5, Funny

    What is your quest?

    What is the air-speed velocity of a coconut-laden swallow?

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  3. Re:Simple solution by PerfectionLost · · Score: 5, Funny

    I had a friend who built an entire fake persona that she used to answer her security questions. Address, parents, pets, you name it.

    In hindsight she was probably a little schizophrenic.

  4. Re:BYO by HawkinsD · · Score: 5, Funny

    My favorite make-up-your-own pair, which a CSR at a bank was once forced to read to me over the phone:

    Q: "You're not going out dressed like that are you?"

    A: "You can't tell me what to do! You're not my real father!"

    --
    Never attribute to malice that which can be explained by mere idiocy.
  5. Re:Simple solution by Anonymous Coward · · Score: 2, Funny

    Yup. I had an embarrassing phone conversation with my state's tax department because a year earlier I set the secret question to "What is the password?" and a year later I had naturally forgotten the answer.

  6. Re:Simple solution by bluefoxlucid · · Score: 5, Funny

    For phone stuff I set security questions like "Would you like to have dinner some time?" or "Wanna have sex when I get off?" and call to tease the cute customer service girl.

  7. Re:Simple solution by Anonymous Coward · · Score: 5, Funny

    You mean the cute customer service Indian guy.

  8. Re:BYO by captaindomon · · Score: 5, Funny

    From Bruce Schneier: Q: Do you know why I think you're so sexy? A: Probably because you're totally in love with me. Q: Need any weed? Grass? Kind bud? Shrooms? A: No thanks hippie, I'd just like to do some banking. Q: The Penis shoots Seeds, and makes new Life to poison the Earth with a plague of men. A: Go forth, and kill. Zardoz has spoken. Q: What the hell is your fucking problem, sir? A: This is completely inappropriate and I'd like to speak to your supervisor. Q: I've been embezzling hundreds of thousands of dollars from my employer, and I don't care who knows it. A: It's a good thing they're recording this call, because I'm going to have to report you. Q: Are you really who you say you are? A: No, I am a Russian identity thief.

    --
    Just because I can hook a shark from a boat, I do not offer to wrestle it in the water.
  9. Re:Simple solution by KhabaLox · · Score: 5, Funny

    It might not occur to your proverbial grandma that people can track down her mother's name.

    That's because, as everyone knows, people from Proverbia are idiots.

    --
    Ceci n'est pas un sig.
  10. Re:Simple solution by Cinder6 · · Score: 4, Funny

    A good idea, but I'd hate having to remember--exactly--a 5,000 word essay in case I need to reset my password.

    --
    If you can't convince them, convict them.
  11. Re:Simple solution by Anonymous Coward · · Score: 2, Funny

    I was hacked by the Mormons once; they defragged my hard drive, cleaned off all the malware, and installed an anti-porn webfilter.

  12. Re:Simple solution by glodime · · Score: 5, Funny

    She is you.

  13. Re:Simple solution by Culture20 · · Score: 3, Funny

    And what happens if you lose the salt?

    It dumps out into a big pile on my friend's plate. Hilarious.