[Sigia-l] Security Questions/Methods

nathan at nathancurtis.com
Fri Jan 27 09:37:41 EST 2006


Know of any available non-proprietary research, patterns, or case studies
on optimal security questions and methods for site registration,
authentication, and forgot username/password?

My group is hoping to maximize clarity, the likelihood of an available
response, and the consistency with which the user's answer is memorable,
specific and unchanging, removing mood and transient preferences.  But such
specificity must be balanced with comfort and trust, for other questions
or methods are necessary for sites where one wouldn't anticipate or be
willing to provide an SSN or city of birth.

For example, I'd presume "Mother's maiden name" is better than "Favorite
ice cream flavor" (transient) or "First child's middle name" (no
children).

An example I've come upon is Bank of America's extended, tiered
authentication model, which I honestly don't completely understand as a
customer but go along with anyway.

Ideas?

Nathan Curtis
Manager, User Experience Design
K12, Inc.
McLean, VA
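Whatever questions are chosen, the forgot-password flow has to treat the answers as low-entropy secrets: store them hashed like passwords, canonicalize them so harmless variation ("o'brien" vs. "O'Brien, Jr.") does not lock the user out, and put an attempt budget in front of the check. The following is an added, stand-alone Python example written for this archive page; it is not code from the original post, and the helper names, the iteration count and the sample answers are assumptions.

```python
import hashlib
import hmac
import os
import re
import unicodedata

# Assumption: PBKDF2 work factor for the example; raise it for production.
PBKDF2_ITERATIONS = 200_000


def normalize_answer(answer: str) -> str:
    """Canonicalize a free-text answer before hashing so that case,
    punctuation, accents-as-compatibility forms and extra whitespace do
    not change the result. Unicode NFKC, case-fold, strip punctuation,
    collapse internal whitespace."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    text = re.sub(r"[^\w\s]", "", text)
    return " ".join(text.split())


def enroll_answer(answer: str) -> dict:
    """Store a security-question answer the way a password is stored:
    per-record random salt plus a slow hash. Returns the stored record
    (constructed in-memory dict standing in for a database row)."""
    norm = normalize_answer(answer)
    if len(norm) < 3:
        # A one- or two-character answer is guessable in a handful of tries.
        raise ValueError("answer too short to be useful as a secret")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", norm.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS)
    return {"salt": salt, "hash": digest, "iterations": PBKDF2_ITERATIONS}


def verify_answer(record: dict, candidate: str) -> bool:
    """Recompute the hash over the normalized candidate and compare in
    constant time, so a wrong answer cannot be distinguished by timing."""
    norm = normalize_answer(candidate)
    digest = hashlib.pbkdf2_hmac("sha256", norm.encode("utf-8"),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])


class ResetChallenge:
    """Per-account attempt budget for a forgot-password challenge.

    Answers such as a city or a surname have far less entropy than a
    password, so the stored hash is only as strong as the lockout in
    front of it. All enrolled questions must be answered correctly in one
    attempt; every question is checked even after one fails, so the
    response time does not reveal which answer was wrong."""

    def __init__(self, records, max_attempts=5):
        self.records = records
        self.max_attempts = max_attempts
        self.attempts = 0
        self.locked = False

    def attempt(self, candidates) -> bool:
        if self.locked:
            return False
        self.attempts += 1
        if len(candidates) != len(self.records):
            ok = False
        else:
            results = [verify_answer(r, c)
                       for r, c in zip(self.records, candidates)]
            ok = all(results)
        if not ok and self.attempts >= self.max_attempts:
            self.locked = True
        return ok
```

The normalization step is deliberately lossy: it makes "Mother's maiden name" tolerant of the spelling variation people actually produce, at the cost of slightly reducing the answer space, which is why the attempt budget and the minimum-length check matter more here than for a password.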
