
Account security questions

Maybe this is just a personal bugbear of mine.. (I seem to have a few of those)

When you sign up for an account or service, typically, you're asked for a password reminder question and answer.

Helpful to recover your information and prove that you are who you say you are, and worthwhile, should you forget your access details.

What bugs me is when you have to choose from a specific list of questions and supply an answer.

And, if anyone were even faintly determined to "crack" your account, they wouldn't have very much difficulty in doing so.

Examples:

Favourite teacher
First car
Favourite author
Street where you grew up
City you were born in

.. and so on. There is no "Set your own question" option.

Anyone who knows anything about you - whether through a personal connection, looking at your internet postings, etc., can crack any one of these fairly easily.

You and I might know better here and pick any one of those, and supply an answer which doesn't pertain to the question.

However I suspect many users follow the instructions and happily use one of the pre-supplied options and supply the answer.

This arguably makes the account less, not more, secure. Now that identity theft is becoming a big issue, I think that some people are going to find their account security breached in this manner.

That drop down list of questions seems like a good idea, but, I suspect, two plain text boxes into which you supply the Q and the A would be more secure and the pre-supplied ones need consigning to the bin.
 
I agree and on some occasions I've also found that the questions don't relate to anything in my life (I recall one online shop giving me a whole list of silly Q's.. none of which I could answer). For example: What colour is your favourite motorbike? Well I don't have a bike and I don’t even like them!

So yes, custom Q&A's would be nice, albeit perhaps more difficult to administer.
 
That depends on if you're the coder XD. I added in a neat field to the vBulletin coding doing something similar, basically added as an extra field in registration where a custom question could be written, as I've always had to keep note of most secret questions purely for the reasons above; most don't cover me.
 
I have come across a few that let you set your own question and answer combo; or you could do what I have done - give an answer that does not match the question!!!

For example (thanks Mr Adams)

2 + 2 = A mild infusion of yellow.
 
You just reminded me, a friend of mine did something similar after finding a lot of secret questions didn't match what he could answer, so he came up with this idea. Where he couldn't answer questions he started counting the letters and spaces, and instead of answering the question he wrote the number of letters/spaces as the answer using three different methods: sometimes using just numbers, other times spelt the number, and other times wrote them out as Roman numerals. Then he just noted down somewhere offline in his filing system what he answered the questions as (words, numbers and numerals).
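
The counting scheme described in the post above, written out as an added example (not code from any poster). Ignoring punctuation in the count, the function names and the small word list are assumptions. Because each counted answer is computed from the question text itself, the block also produces an unrelated random answer, the approach from the earlier post, for comparison.

```python
import secrets

ONES = ("zero one two three four five six seven eight nine ten eleven twelve "
        "thirteen fourteen fifteen sixteen seventeen eighteen nineteen").split()
TENS = "_ _ twenty thirty forty fifty sixty seventy eighty ninety".split()
ROMAN = [(1000, "M"), (900, "CM"), (500, "D"), (400, "CD"), (100, "C"),
         (90, "XC"), (50, "L"), (40, "XL"), (10, "X"), (9, "IX"),
         (5, "V"), (4, "IV"), (1, "I")]
# Constructed sample list; a real one would need to be far larger.
WORDS = ["amber", "birch", "cobalt", "dune", "ember", "fjord", "garnet", "heron"]

def count_chars(question):
    """Count letters and spaces only; ignoring punctuation is an assumption."""
    return sum(1 for ch in question if ch.isalpha() or ch == " ")

def to_words(n):
    """Spell out a count in the range 0..999."""
    if n < 20:
        return ONES[n]
    if n < 100:
        tens, ones = divmod(n, 10)
        return TENS[tens] + ("-" + ONES[ones] if ones else "")
    hundreds, rest = divmod(n, 100)
    return ONES[hundreds] + " hundred" + (" and " + to_words(rest) if rest else "")

def to_roman(n):
    """Convert a positive count to Roman numerals."""
    out = ""
    for value, symbol in ROMAN:
        count, n = divmod(n, value)
        out += symbol * count
    return out

def counted_answers(question):
    """The three forms from the post: plain number, spelt number, numerals."""
    n = count_chars(question)
    return {"numbers": str(n), "words": to_words(n), "numerals": to_roman(n)}

def unrelated_answer(n_words=4):
    """An answer with no link to the question, drawn from a CSPRNG."""
    return " ".join(secrets.choice(WORDS) for _ in range(n_words))

if __name__ == "__main__":
    for q in ("What street did I first live on?", "City you were born in"):
        print(q, counted_answers(q))
    print("unrelated:", unrelated_answer())
```

Either kind of answer still has to be recorded somewhere offline, since neither can be recalled from memory of the real fact.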
 
I also have a medium sized black book full of passwords, user names and config details.

I thought I had lost it in London a few years ago - I nearly had a heart attack. It never leaves the house now - if I think I might need some of the info I copy it out onto a sheet of paper.
 
Actually I use my mobile for that, paper can be too easily lost. You see, I use a program called "LastPass"; it allows me to sync passwords between devices (though obviously I keep bank/PayPal/financial passwords much safer).
 
Captain_Cretin said:
...you could do what I have done - give an answer that does not match the question!!!
Yes, that's what I did about three years ago when I last accessed my Yahoo e-mail account via their site instead of via my e-mail client for the first time in ages, and they slung a load of "must update this" and "must update that" type of crap at me.

This was all very well until this evening, when I decided once again to have a look at things via their site.
Firstly, Firefox threw a wobbly, telling me it was an untrusted connection, and I had to create a security exception just to get the login panel up.
Then, when I bunged in username and password, the damned thing came up with some ridiculous garbage about me using an "unrecognized device".
What - a toaster? A sledgehammer?
I am at home on a perfectly normal HP desktop computer! I suspect that they don't actually mean "device", they mean they are suspicious about the *IP* and this is connected with me using a VPN, but surely one of the main points of a *webmail* account is that you can get at it from any old connection?

Anyway, because of Yah-boo detecting that I was connecting from Mars using a stick of Edinburgh Rock, they decided that in order to get in I'd have to *answer* one of these damned security questions!
Oh dear.
What street did I first live on?
Needless to say, I can't remember what rubbish I bunged in for this three years ago!
I tried my late paternal grandma's address (which I remember using for something somewhere along the line) - nope, no joy with that one.
I tried "Fur Cough Alley" (sorry, Alison!) which, again, I remember using somewhere along the line, no joy with that either.

Luckily there's another option - click the bit to get them to send an authorisation code to an alternate e-mail address that you've already listed with them. I'd used a genuine one there, my ICUK one, so that was what I did. It duly arrived, I pasted it in the box and it worked.

So, I got in - but what a ruddy performance!
 
Yes... you REALLY have to make a note of the answers you have given, or the above happens.

BTW, for all Yahoo's claimed security features, it got hacked last year and they didn't tell anyone; my account was hijacked, even though I hadn't logged into it for nearly 10 years (it just forwards everything to a Gmail account!!!), and a few months later I was seeing LOADS of hacked Freecycle accounts and postings.
 
Yes, I remember reading about that in one techie blog or another about a year ago - glad to say mine wasn't one of the affected accounts though. Not the first time someone's found a hole in Yahoo, of course, but I've noticed that it always seems to be the ".com" accounts that get mentioned. That may just be laziness on the part of the writers, but perhaps the fact that mine is a ".co.uk" one helps?
 
Mine is a .co.uk account, as are most accounts set up from within the UK. I suspect most of the stories are about .com accounts because the US forces people to disclose when they have been hacked and people's data stolen; over here they usually keep very quiet about it, although this year I have noticed a few high profile UK admissions (Morrisons springs to mind).
 
Well that just depends upon your coding a friend of mine did something identical after assigning of key concerns did not coordinate what he could response so he came up with this idea.
 
Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules