Saturday, August 27th, 2011

password security

Saturday, August 27th, 2011 12:04 am
darkoshi
All it takes is answering my 3 security questions correctly, and my bank lets me reset my password online? It doesn't even involve anything via email? I know that email isn't secure, but really? Isn't it a lot easier for someone to guess the answers to your security questions than for them to guess your password, if it is a good password? Hopefully if someone enters the security questions wrong more than a few times, the system would lock them out and make the person provide other proof of their identity.

This page makes a very good point about security questions:

Even if you can't make up your own question, there's nothing that says your answer has to make sense. The only things that matter are that a) only you know the answer and b) you will always know the answer.

That's it.

The system isn't checking to see if your answers "make sense", what they're checking is that when they ask you the question the answer you give is the same as whatever you gave when you set it up.

The computer behind it all doesn't know that "Jack Sparrow" isn't a possible mother's maiden name, or that it's a rare high school that has "Toilet Bowl" as its mascot. And as long as no one else knows those are the answers you give and you always remember them then it doesn't matter in the least that they make no sense.

The answers don't have to make sense.

They just have to match.
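
As an added illustration (not from the original post or the quoted page, and not any bank's real code), the Python below shows a reset check that only compares salted hashes of the answers and refuses further guesses after repeated failures. The class name, the three-failure threshold and the sample answers are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed lockout threshold; the post does not say what the bank uses


def _digest(answer: str, salt: bytes) -> bytes:
    # Normalise case and whitespace so "Jack Sparrow" and " jack  sparrow" match.
    canonical = " ".join(answer.casefold().split())
    return hashlib.pbkdf2_hmac("sha256", canonical.encode(), salt, 100_000)


class SecurityQuestionReset:
    """Hypothetical reset check: answers are compared, never judged for plausibility."""

    def __init__(self, answers):
        self.salt = os.urandom(16)
        # Store salted hashes only; the plaintext answers are not kept.
        self.stored = [_digest(a, self.salt) for a in answers]
        self.failures = 0

    @property
    def locked(self) -> bool:
        return self.failures >= MAX_FAILURES

    def verify(self, attempt) -> str:
        if self.locked:
            return "locked"  # guesses refused; other proof of identity is needed
        # Hash and compare every answer (no early exit), in constant time.
        ok = len(attempt) == len(self.stored) and all(
            [hmac.compare_digest(_digest(a, self.salt), s)
             for a, s in zip(attempt, self.stored)])
        if ok:
            self.failures = 0
            return "ok"
        self.failures += 1
        return "locked" if self.locked else "denied"


def demo():
    # Constructed sample data: nonsense answers like those in the quoted passage.
    account = SecurityQuestionReset(["Jack Sparrow", "Toilet Bowl", "42 purple llamas"])
    guesses = [["Smith", "Tigers", "Rex"]] * 4  # plausible-looking wrong guesses
    outcomes = [account.verify(g) for g in guesses]
    # After lockout even the correct answers are refused.
    owner = account.verify(["jack sparrow", "toilet bowl", "42 purple llamas"])
    return outcomes, owner
```
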
