Security questions - gone too far? - Webmaster General forum at WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Security questions - gone too far?

Annoying, intrusive, and potentially dangerous

jtara

1:28 am on Dec 30, 2007 (gmt 0)

Today I logged-in to my domain registrar, and was asked to add two "security questions" before I could proceed.

I found the questions particular annoying and intrusive. You had to pick one question each from two lists of four.

The questions included such things as "What are the last 4 digits of your primary ATM card account?" What are the first and last names of your maternal grandmother?

Does anybody think that these begin to cross a line? Am I the only one who thinks that these security questions are becoming more of a risk than protection?

Of course, you don't HAVE to answer the questions honestly. I ignored the questions themselves, and answered them with a comment on how I feel about this increasingly-annoying practice.

Don't answer these security questions with obvious answers. Actually, the best way to answer is with a randomly-generated string, then record that where you record your passwords. (I used the comment field in Password Safe).

dcheney

1:37 am on Dec 30, 2007 (gmt 0)

There is no reason that you need to answer the questions honestly - just consistantly.

ZydoSEO

6:28 pm on Dec 30, 2007 (gmt 0)

I don't mind security questions, just in a lot of cases how they are actually implemented. I much prefer that a site let me create both my own question and answer. Then I can come up with a much more secure question (a secret that is specific to my life that no one else knows about) with an answer that cannot be used to exploit or harm me financially or otherwise.

But yea, as the previous post said... If you have to pick from a standard list then have a standard wrong answer that you use everywhere...

[edited by: ZydoSEO at 6:29 pm (utc) on Dec. 30, 2007]