The Great Security Question Hoax

Much of our identity is locked away in the ether, kept safe in vapor pockets by banks and wireless providers with paper-thin questions like, “What is your mother’s maiden name?” We’ve all answered them, developing password fatigue as we try to remember our favorite sports team or whether we used our grandfather’s given name or “Gampy.”

Some things are not that hard to figure out. That Sarah Palin and her husband Todd met in high school was ferreted out by a hacker just before her Yahoo mail became public knowledge. Same with the name of Paris Hilton’s dog. Yep. Hacked.

A paper in Technology Review states, “researchers from Microsoft and Carnegie Mellon University plan [showed] that the secret questions…are woefully insecure.” Participants in a study were able to guess 30 percent and 57 percent of the correct answers of security questions asked in the top-five list of guesses. Of people that participants would not trust with their password, 45 percent could still answer a question about where they were born, and 40 percent could correctly give their pet’s name.

Despite all the insecurity, key institutions still use security questions as an authenticator and an extra security layer. Yet it’s an old-school (circa 1906) solution to a new-school problem in an age where Gampy’s name is one blog post away from a hacker’s cheeseburger in paradise.

Good security questions are hard to design as they need to be definitive, applicable, memorable and safe. If the question is too hard, it might be easily forgotten by the person who is being protected. In the study mentioned earlier, participants forgot 16 percent of the answers within three to six months.

If the question is too easy, the world of hurt can be indescribably huge.

As a user, you could increase your own security by giving false random answers, calling the bank for a reset whenever you forget them. Still, it is a work-around for a system employed way too liberally by banks that know better.
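The false-random-answer workaround above, sketched as an added example that is not part of the original article: it draws a separate, unrelated answer for each question from the OS random source and estimates how a five-guess attacker fares against it. The word list, the sample questions and all function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed 32-word sample list (assumption); a real list such as a
# diceware list has thousands of words and gives far more bits per word.
WORDS = (
    "amber bison cedar delta ember fjord gravel harbor indigo juniper kettle "
    "lantern marble nickel orchid pepper quartz raven saddle timber umber "
    "velvet walnut yonder zephyr anchor basalt copper dahlia falcon garnet hazel"
).split()


def random_answer(n_words=4, words=WORDS):
    """Return a phone-readable answer drawn from the OS CSPRNG."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(n_words=4, words=WORDS):
    """Bits of entropy when each word is chosen uniformly and independently."""
    return n_words * math.log2(len(words))


def top_k_guess_probability(bits, guesses=5):
    """Chance that an attacker limited to `guesses` tries hits the answer."""
    return min(1.0, guesses / 2 ** bits)


def answers_for(questions, n_words=4, words=WORDS):
    """Map each question to its own random answer, never reusing one."""
    answers, used = {}, set()
    for question in questions:
        answer = random_answer(n_words, words)
        while answer in used:  # regenerate on the rare collision
            answer = random_answer(n_words, words)
        used.add(answer)
        answers[question] = answer  # the answer is unrelated to the question
    return answers


if __name__ == "__main__":
    # Constructed sample questions.
    qs = ["Mother's maiden name?", "Name of first pet?", "City of birth?"]
    for q, a in answers_for(qs).items():
        print(f"{q:25} -> {a}")
    bits = entropy_bits()
    print(f"{bits:.0f} bits; 5-guess success = {top_k_guess_probability(bits):.2e}")
```
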

Perhaps they do it to make customers feel like they are participating in their own security. And better systems, like sending new passwords by email, require hiring an extra person on the phone bank as customers need tech-support when they forget how to use these systems or when they lose auto-generated emails in their spam filters.

Password questions are still king as there is no viable alternative. They reduce customer phone calls, giving companies an incentive to keep the status quo. Still, finding the balance between customer convenience and protection from identity theft might be difficult. With much at stake, responsible corporations with our identities in their hands might consider titanium locks over vapor.

 


New Web Browser releases get put to the test

 

The competition in the web browsing market has been ratcheted up a notch with the recent releases of Firefox 4 and Internet Explorer 9, along with Chrome 11 (dev). Everyone has their reasons for picking one over the other. Be it design, simplicity, advanced features, etc., there is no correct way to pick a browser, as long as it’s what you like.


Mozilla Updates Firefox, brings back oldie but goodie

If you are like me, you hate mousing over text that’s hyperlinked and not knowing where said link will take you. I mean sometimes the entire URL is too long and you need a smaller version. Or you might embed it in one word, like the plethora of posts that have links HERE. One of the best things is being able to see the intended URL in the status bar at the bottom left of the browser window. For some reason, Firefox took it away. However, now they’ve brought it back.