[Sigia-l] Security Questions/Methods

Ockler, Sarah sarah.ockler at gwl.com
Thu Feb 2 18:35:47 EST 2006


Some decent questions I've seen recently:

Father's middle name
High school mascot
Favorite author (could be transient but not as much as ice cream
flavor!)
First phone number
First teacher

From personal use, I find that while I might remember my answer, I may
not remember exactly how I entered it (capital letters, spaces,
abbreviations, formatting, etc.). In that respect, 1-word answers would
be best. Unfortunately I'm not aware of any studies on this.

-Sarah



-----Original Message-----
From: sigia-l-bounces at asis.org [mailto:sigia-l-bounces at asis.org] On
Behalf Of nathan at nathancurtis.com
Sent: Friday, January 27, 2006 7:38 AM
To: sigia-l at asis.org
Subject: [Sigia-l] Security Questions/Methods

Know of any available non-proprietary research, patterns, or case
studies on optimal security questions and methods for site registration,
authentication, and forgot username/password?

My group is hoping to maximize clarity, likelihood of an available
response, and the consistency by which the user's answer is memorable,
specific and unchanging, removing mood & transient preferences.  But,
such specificity must be balanced with comfort and trust, for other
questions or methods are necessary for sites where one wouldn't
anticipate or be willing to provide SSN or city of birth.

For example, I'd presume "Mother's maiden name" is better than "Favorite
ice cream flavor" (transient) or "First child's middle name" (no
children).

An example I've come upon is Bank of America's extended, tiered
authentication model, which I honestly don't completely understand as a
customer but go along with anyway.

Ideas?

Nathan Curtis
Manager, User Experience Design
K12, Inc.
Mclean, VA
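
An added example, not part of the original thread: one way a site could keep answer matching tolerant of the capitalization, spacing and punctuation differences described in the reply above, while still storing only a salted hash. The function names, the PBKDF2 iteration count and the sample answers are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 200_000  # assumed work factor; tune for your hardware


def normalize_answer(raw: str) -> str:
    """Canonicalize an answer so case, spacing and punctuation do not matter."""
    text = unicodedata.normalize("NFKC", raw).casefold()
    # Keep letters and digits only: drops spaces, hyphens, dots, parentheses.
    # Abbreviations ("St." vs "Street") are NOT reconciled by this step.
    return "".join(ch for ch in text if ch.isalnum())


def _derive(canonical: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", canonical.encode("utf-8"), salt, ITERATIONS)


def enroll(raw: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) to store; the answer itself is never stored."""
    canonical = normalize_answer(raw)
    if not canonical:
        raise ValueError("answer is empty after normalization")
    salt = os.urandom(16)
    return salt, _derive(canonical, salt)


def verify(raw: str, salt: bytes, digest: bytes) -> bool:
    """Check a later attempt against the stored record in constant time."""
    canonical = normalize_answer(raw)
    if not canonical:
        return False
    return hmac.compare_digest(_derive(canonical, salt), digest)


if __name__ == "__main__":
    # Constructed sample answers for "High school mascot" and "First phone number".
    salt, digest = enroll("Wildcats")
    print(verify(" wild cats ", salt, digest))   # same answer, different formatting
    print(verify("Bulldogs", salt, digest))      # different answer
    print(normalize_answer("(555) 010-1234") == normalize_answer("555.010.1234"))
```

Normalization must be applied identically at enrollment and at verification, since the stored hash cannot be re-canonicalized later.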
