Passwords vs. Security questions
Mar 18 '07
Certain web sites require user accounts, such as online banking or credit card billing management. Quite often these sites will ask you to create a "Security question" that should be answered by you, in case you ever forget your username/password, or perhaps are entering a very secure section of the site.
The "type" of security question usually varies between sites, but here are some popular ones:
- What is your mother's maiden name?
- What was your favorite pet's name?
- What city were you born in?
Some sites get more creative, by asking detailed questions that would be hard to guess.



I've also seen sites that allow the user to create the question and the answer.
Security question becomes the password
What is the true purpose of the security question, other than to be used as another form of identification? Much like the password, the security question has to be "remembered" by the individual user.
However, since the security question is somehow related to the user, it probably becomes easier to remember than a random password that has no relation to the context of the site.
Correct me if I'm wrong, but wouldn't it make sense to get rid of the username/password deal, and just use the security question?
Your security question (and answer) would become your password. It's much more intuitive this way. After all, many people have dozens, if not hundreds, of usernames and passwords to remember.
The hacker
I would think the answer would be just as hard to guess for the hacker - if not harder.
The hacker would have to not only know the question, but also the answer. And depending on how detailed the question is, the answer could be really difficult, unless the hacker really knew the person well.
The problem with passwords
The problem with passwords is that they often favor the hacker:
- Too easy to guess.
- Too hard to remember.
So we solve this problem by making the password more personal to the user. Nobody but the user could possibly know what their favorite historical figure is, or the last name of their childhood doctor.
The way it is now
The way it is now, security questions are often used as a secondary form of identification, while username/passwords are the first. This seems backwards to me.
Categories: Authentication, Security
matthom is published and produced by Matt Thommes - an independent publishing enthusiast, mobile blogger, content creator, informative writer, web developer from Chicago.
Never one to conform, Matt intends to promote the effect the web has on our lives, in an effort to intensify, instruct, and clarify all that is happening around us.