Sam, We have just done a study for a bank on this issue. The issue of security questions is hard. We have had the security team of a bank reject the idea of letting users select their own security questions because the users could make the question too simple.
But from user testing we have found a significant number of participants reject virtually every question that we can think of. Is there another way to verify somebody? James http://blog.feralabs.com 2008/12/19 Sam Menter <[email protected]> > Hi there > > Can anyone point me in the direction of sample security questions that > could > be used to verify a user's identity if they don't have an email address and > have forgotten a password? EG Mother's maiden name, first school etc etc. > > I think best practice would be to let a users set the question themselves, > but in this case we need to offer a set of questions for the user to choose > from. > > Thanks for the tips, > Sam > www.pixelthread.co.uk > ________________________________________________________________ > Welcome to the Interaction Design Association (IxDA)! > To post to this list ....... [email protected] > Unsubscribe ................ http://www.ixda.org/unsubscribe > List Guidelines ............ http://www.ixda.org/guidelines > List Help .................. http://www.ixda.org/help > ________________________________________________________________ Welcome to the Interaction Design Association (IxDA)! To post to this list ....... [email protected] Unsubscribe ................ http://www.ixda.org/unsubscribe List Guidelines ............ http://www.ixda.org/guidelines List Help .................. http://www.ixda.org/help
