
rjbs (4671)


I'm a Perl coder living in Bethlehem, PA and working in Philadelphia. I'm a philosopher and theologian by training, but I was shocked to learn upon my graduation that these skills don't have many associated careers. Now I write code.

Journal of rjbs (4671)

Saturday December 01, 2007
09:16 AM

password security questions

[ #35024 ]

RCN has been hassling me with automated phone calls to set up a new account password. If I don't do that, apparently, I will never be allowed to discuss my account with them again. I don't get it, but I just called in to set up my password.

They asked me to set up two backup security questions, too. That's fine. We use those at Pobox, but we do what everyone should do: we let the customer pick both the question and the answer. Unfortunately, too many people provide only a question, or a list of questions. Worse, many are now asking questions, the answer to which is not a fact but an opinion that could change over time. My choices were:

  • What is your favorite place?
  • What is your favorite food?
  • What was your first pet?

There were a few other options, which I think were fairly opinion-like. (I know that the order of my pets is not an opinion, but it's hard to remember which one came first, since we had them when I was so young.)

The purpose of these questions is to make sure that even if you lose the slip of paper on which you wrote our password, you will still be able to verify your identity with something you will know without fail. That's why "mother's maiden name" is a good idea: if you know it, you know it. It will never change, and you are not likely to forget it. I understand that it's good to have alternate questions -- some people don't or can't know their mother's maiden name. The alternate question, if you can't bring yourself to let the user specify a question, should also be about a fact.

Otherwise, the user will do what I did: decide on answers and write them down on the same slip of paper as the password. Well, that or in two years he will be unwilling to believe that he specified anything other than squid as his favorite food. Then how will he get his pay per view?
