Tuesday, September 21, 2010

Why are security questions mandatory?

A lot of web sites now use security questions as a way to help you reset or recover your password if you forget it. The problem with security questions is that they are easier to guess than your password.

For example, some popular security questions are:

What is your mother's maiden name?
Where did you go to school?
What is your favorite sports team?
Who is your favorite author?

Things like this are very easy to guess if you know the person whose account you are trying to hack. It is conceivably easier to contact someone online and fish out their favorite sports team than to ask them to reveal their password. It is bad enough that the security question scheme is a weak form of security. The fact that security questions are mandatory on many web sites is the biggest problem - you are required to use a weak form of security!

I am an advocate of writing down your password and keeping it in a safe place, or better yet, using an encryption program to encrypt and protect your password list.
