nsane.forums
Posted May 21, 2009

Web site logins need to offer a careful balance between security and customer friendliness. Unfortunately, it seems providing customers with password reset facilities compromises security.

Of all questioned persons who knew and were trusted by the 130 test subjects, 28 percent were able to guess the correct answers to the so-called 'secret questions'. Even worse, people completely unknown to the test subjects still had a 17 percent chance of guessing the right 'secret' answer.

This points out that the technique is not as secure as we would expect of a backup authentication system. A further defect is that this approach isn't reliable enough to ensure that users actually do recover their passwords: they've often simply forgotten the answers.

View: Original Article