Secret Security Questions Are a Joke
Hugh Pickens writes "Rebecca Rosen writes that when hackers broke into Mat Honan's Apple account last week, they couldn't answer his security questions but Apple didn't care and issued a temporary password anyway. This was a company disregarding its own measure, saying, effectively, security questions are a joke and we don't take them very seriously. But even if Apple had required the hackers to answer the questions, it's very likely that the hackers would have been able to find the right answers. 'The answers to the most common security questions — where did you go to high school? what is the name of the first street you lived on? — are often a matter of the public record,' writes Rosen, 'even more easily so today than in the 1980s when security questions evolved as a means of protecting bank accounts.' Part of the problem is that a good security question is hard to design and has to meet four criteria: A good security question should be definitive — there should only be one correct answer; Applicable — the question should be possible to answer for as large a portion of users as possible; Memorable — the user should have little difficulty remembering it; and Safe — it should be difficult to guess or find through research. Unfortunately few questions fit all these criteria and are known only by you. 'Perhaps mother's maiden name was good enough for banking decades ago, but I'm pretty sure anyone with even a modicum of Google skills could figure out my mom's maiden's name,' concludes Rosen. Passwords have reached the end of their useful life, adds Bruce Schneier. 'Today, they only work for low-security applications. The secret question is just one manifestation of that fact.'"
That's Not Possible (Score:4, Funny)
I'm sorry. Apple cannot make mistakes anymore. Clearly this is just anti-Apple-types trying to give the greatest, most wonderful, most lauded, most glorious company that has ever or will ever exist.
I'm now turning my iPod up to 11 to drown out the filthy lies of the naysayers. Jobs be praised.
What is Your Favourite Colour? (Score:5, Funny)
What is your quest?
What is the air-speed velocity of a coconut-laden swallow?
Re:Simple solution (Score:5, Funny)
I had a friend who built an entire fake persona that she used to answer her security questions. Address, parents, pets, you name it.
In hindsight she was probably a little schizophrenic.
Re:BYO (Score:5, Funny)
My favorite make-up-your-own pair, which a CSR at a bank was once forced to read to me over the phone:
Q: "You're not going out dressed like that are you?"
A: "You can't tell me what to do! You're not my real father!"
Re:Simple solution (Score:2, Funny)
Yup. I had an embarrassing phone conversation with my state's tax department because a year earlier I set the secret question to "What is the password?" and a year later I had naturally forgotten the answer.
Re:Simple solution (Score:5, Funny)
You mean the cute customer service Indian guy.
Re:Simple solution (Score:5, Funny)
It might not occur to your proverbial grandma that people can track down her mother's name.
That's because, as everyone knows, people from Proverbia are idiots.
Re:Simple solution (Score:5, Funny)
A good idea, but I'd hate having to remember--exactly--a 5,000 word essay in case I need to reset my password.
Re:Simple solution (Score:2, Funny)
I was hacked by the Mormons once; they defragged my hard drive, cleaned off all the malware, and installed an anti-porn webfilter.
Re:Simple solution (Score:5, Funny)
She is you.
Re:That's Not Possible (Score:4, Funny)
iPads only go up to 10. 11 would be too complicated, like a second mouse button.
Re:Simple solution (Score:4, Funny)
And what happens if you loose the salt?
It dumps out into a big pile on my friend's plate. Hilarious.