I hate them so very, very much. Listen: if you want to set up a system whereby people can have their password reset or sent to them, then there is one way and one way alone you should proceed, and that is to have them provide an email address. If you ask them to put in a Super Secret Question!!!!! then don’t be surprised if some irate customer ends up throwing you under an elephant marching band.
I’m setting up an account now, and the options I have are:
- Last four characters of driver’s licence
- Father’s city of birth
- Mother’s maiden name
Are these secure? No they are not. So as usual I’m going to put in some random nonsense answer, then I’m going to get drunk and forget everything and be locked out forever. And sure, I could cut down on my drinking or write down my passwords or whatever, but that shouldn’t be my responsibility, and I resent having some website sitting there judging me on my failures. So webmasters, please… help me out here.
Or you could put in the real answer and use it, comfortable in the knowledge that there is millions of people online, and unless your really special noone cares. Also if someone wanted to get into your account and could do actually damage to you, I.E. Fraud, Idenity theft etc they would not be sitting there guessing your secret answer.
I hit submit too early. They would more than likely use something like http://www.oxid.it/cain.html (which is windows only, take that unix based losers) and get onto a computer after you, or someone you know has used it, and send out a virus to open you accounts for them. So really if you are to be screwed by someone, you have no defence really.
Stequen you damn well know theres better program that can do this on linux…
Anyway, Identity theft is the problem but I agree with Colm secret questions are a pile of shite. Everything should be retina scan and fingerprint.
It’s the principle, Stephen. I’m fully aware that l33t h4x0rs don’t need such piddling entryways. On the other hand, I once did a job where silly people literally handed me their email passwords. I do not want to be such people.
Johnny, in an ideal world every time I went to log into a website a guy in a suit would come around to get my signature on an authorisation form. Bring back the old ways, I say.
You know thats a cool idea. Everyone who gets the NTL ultra broadband package gets Jeeves aswell. AAA as we know it shall be solved………………….check out Authentication authorisation Accounting on wiki
What I do is give the answers for someone else as opposed to MY first pet or whatever, I’ll go with Richard Nixon’s or something.
Not bad, not bad. Beats complete randomness anyway.