Your mother’s maiden name has been a ‘security question’ since 1882

Here’s an article with some history about “security” questions. But I would say that these companies (and government agencies) are more casual about your security, rather than about your privacy. So many of the answers to these questions are already out there, so the privacy issue is already moot.

Fusion

It’s well-established that passwords are a flawed security system. Attackers can guess them, steal them from a database, or watch you type them in. But until we can get our smartphones to take our DNA to confirm our identities, we’re stuck with them.

The processes that let you recover your password if you forget it, though, can be much worse than passwords themselves.

Companies that take security seriously will ask you to authenticate your identity with a “second factor,” such as a code they send to a device they know you own. Companies that don’t care are more casual about your privacy will ask you to answer “security questions” — which are typically questions that anyone could guess after a thorough stalking of your Facebook account: Oh, there’s a photo of you with your high school best friend. Oh, there’s a status update with your “porn star name,” combining your first pet’s name with the…

View original post 275 more words

Advertisements

Published by

Jim Fenton

I'm a networking technologist who likes to travel, bicycle, run, and various other things.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s