Check out Jared's blog post about some of the sticky wickets re: security questions: http://www.uie.com/brainsparks/2008/12/19/but-what-if/
~ will

"Where you innovate, how you innovate, and what you innovate are design problems"

---------------------------------------------------------------------------------------------
Will Evans | User Experience Architect
tel: +1.617.281.1281 | [email protected]
aim: semanticwill
gtalk: semanticwill
twitter: semanticwill
skype: semanticwill
---------------------------------------------------------------------------------------------

On Mon, Dec 22, 2008 at 5:34 PM, J. A. Fitzpatrick <[email protected]> wrote:

> Setting up reasonable security questions is actually incredibly difficult,
> because the answer has to be memorable and unambiguous, as well as
> (hopefully) not "guessable". Like Sylvania, I am often thwarted by a set of
> questions that either don't apply to me, or are ambiguous enough that I know
> I won't be able to remember my exact answer -- exact same word, spelled the
> same way, etc.
>
> As this paper from last year's SOUPS conference pointed out, there is also
> concern that many of the common questions relate to information that is now
> readily available online:
> http://cups.cs.cmu.edu/soups/2008/proceedings/p13Rabkin.pdf
>
> Kind of funny aside: I work with a bunch of engineers who created one of
> these systems, and their personal way of handling them is to answer *every*
> question with the same nonsense string. What's your mother's maiden name?
> Bob. Where did you go to high school? Bob. And so on. That way, at least you
> won't get locked out because you forgot your answers. And you know, it might
> be equally secure to sweating over trying to remember whether you entered
> "Thomas Jefferson High School" or "T J High". (Of course, some systems now
> prevent you from doing this, for your own good, of course.)
>
> Cheers,
>
> Jean-Anne
