[Sigia-l] secret question & answer

Cindy Alvarez calvarez at pixelsmear.net
Wed Feb 4 23:16:42 EST 2004


> What's interesting for me is that I either can't answer or would forget at
> least some of these answers:
> - I have two parents (duh!) and wouldn't remember which one I did
> - I don't have a favourite sports team
> - city of birth would be OK (but I stuffed this one in MovableType once by
> typing it in all lower case and forgetting...)

Exactly!  The only way the Q&A scenario can be usable is if:
- the questions have only one possible "right" answer
- the questions are strongly likely to have one-word answers
- the answers are case-insensitive
- there are multiple options so that users aren't forced to answer a
"false" question (i.e. first car for a non-driver)

As a user I don't mind answering questions to retrieve a password (though
I prefer a simple 'email me my password'), but I'm often surprised by how
often the security questions are totally inappropriate for security and
usability purposes.

Cindy Alvarez
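
One way a site could implement the "case-insensitive" and "multiple options" points from the list above. This is an added example, not part of the original post; the question catalogue, function names and PBKDF2 work factor are assumptions.

```python
import hashlib
import hmac
import os
import unicodedata

# Hypothetical question catalogue; the user picks one that applies to them,
# so a non-driver is never forced to answer "first car".
QUESTIONS = {
    "birth_city": "In which city were you born?",
    "first_school": "What was the name of your first school?",
    "first_car": "What was the make of your first car?",
}
PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def normalize(answer: str) -> str:
    """Fold Unicode form, case and whitespace: '  New  York ' -> 'new york'."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split())


def enroll(question_id: str, answer: str) -> dict:
    """Store only a salted hash of the normalized answer, never the answer."""
    if question_id not in QUESTIONS:
        raise ValueError("unknown question")
    canonical = normalize(answer)
    if not canonical:
        raise ValueError("empty answer")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", canonical.encode(), salt, PBKDF2_ROUNDS)
    return {"question_id": question_id, "salt": salt, "digest": digest}


def verify(record: dict, answer: str) -> bool:
    """Normalize the attempt the same way, then compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", normalize(answer).encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, record["digest"])
```

Normalizing before hashing is what lets an answer typed in all lower case at enrollment still match a capitalized attempt later, without the site keeping the answer in plaintext.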


