April 25, 2008

Security Measures

I'm not gonna answer that question I posed in the post before this just yet. You can add "Epilogue (Nothing 'Bout Me)" by Sting to the list though.

So, the one of the more recently implemented security measures in a lot of places online are "personal" or "secret" questions. They're used for retrieving lost passwords and as another layer of password-like security, and are generally made of the standard questions: "What's your mother's maiden name?", "What's your city of birth?", "What's your favorite sport?" (I love that one: questions like these should be something factual. That one is just begging to be forgotten or to change.), etc.

As I pointed out up above, some places don't choose good questions. What's worse in some places is that they never let you change the questions or answers, meaning your stuck with what you picked. WoW, I'm looking at you. I realize they do this so that accounts can be recovered from theft, but there should be some sort of recourse. Luckily when I had to recover an account's password today their account support accepted my spoken version of the security question's answer.

There has to be a better way than this. I just don't know what it is.