Quote:
Originally Posted by rowan
You know those security questions you use to reset your password? Many sites use canned questions like "your pet's name" or "your mother's maiden name" ... if a cracker has access to your email they can probably access other things, how difficult do you think it would be for them to find out that info? Probably not hard at all.
The best way is for the site to allow you to specify the QUESTION as well as the ANSWER, since it allows you to obfuscate it. If your wife named Joan Jill Doe has a mole you could choose something like "mole middle"... and the answer is "jill" (the middle name of someone with a mole). To someone who doesn't know your wife personally the question will make no sense.
Thoughts?
|
I disagree wholeheartedly. Security questions and even passwords for that matter should be easy to guess.
