On Fri, Dec 19, 2008 at 8:41 PM, Sam Menter <[email protected]> wrote:
> Hi there > > Can anyone point me in the direction of sample security questions that > could > be used to verify a user's identity if they don't have an email address and > have forgotten a password? EG Mother's maiden name, first school etc etc. > > I think best practice would be to let a users set the question themselves, > but in this case we need to offer a set of questions for the user to choose > from. > > Thanks for the tips, > Sam > <http://www.pixelthread.co.uk> Sam, I'm looking at this issue now myself - I'm part of a team that is designing an online application system for an area of Government that has a lot of clients from all over the world - and one of the Big Scary Things is providing a set of questions that are meaningful and useful in different cultural contexts. I know that other people have spoken over the years about security questions being difficult to usefully internationalise - to summarise, it is no use: - asking someone their mother's maiden name if they have no concept of either gender's name changing post-marriage, - asking someone the name of their first school if they've never been to school (and you don't want to make them feel bad about that), - asking them their pet's name if they've never owned one, or - asking them their favourite sport if they've never been allowed to play one. I'd have to support what others on this list have said about the answers reflecting a single point in time - and that the answers (and ways/forms of entering them) will change. Overall, security questions smell a little to me like the illusion-of-security-through-inconvenience that makes air travel such a joy these days :) Best regards, Andrew -- --- Andrew Boyd http://onblogging.com.au ________________________________________________________________ Welcome to the Interaction Design Association (IxDA)! To post to this list ....... [email protected] Unsubscribe ................ http://www.ixda.org/unsubscribe List Guidelines ............ http://www.ixda.org/guidelines List Help .................. http://www.ixda.org/help
