Monday, June 4, 2007

Secret Question Authentication Schemes

Ok, this post isn't directly related to coding, but it is related to website design. This morning I visited a credit reporting website (who shall remain nameless) to obtain my credit score. It asked for the basic info, including name, address, SSN, and birthday. Once the website had my info, the next page told me that I already had an account. Great. The website asked for my username and password. I tried a couple of usernames and passwords that I have used in the past, but no luck. "Did you forget your password?" the website asked. Yes, I guess so. Ok. Take me to the forgotten password page. Now it's asking for my favorite TV show as my only option for my "Secret Question." What? I hardly ever watch TV. I tried a couple of shows that I used to watch. No luck. "Sorry, if you can't remember your favorite show that you never watched, I won't let you in," the website blares.

I'd say don't get me going about these subjective authentication schemes, but it's too late. What I dislike is that the example above was based on an opinion that I had about a TV show from years ago. If a website must use a question-based authentication scheme, a better solution would be to base the questions on facts, such as the year I graduated from high school, the mascot of my high school, my mother's mother's maiden name, and so on and so forth.

In summary, if you must use secret question authentication schemes, make sure the questions are based on facts, not favorites.
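Here is what that advice looks like in code, as an added example that is neither the credit site's code nor the author's: the three fact-based questions suggested above, with answers stored as salted hashes rather than plaintext, normalised before comparison so that capitalisation, spacing or punctuation differences do not lock a legitimate user out, and a two-of-three threshold so a single guessable fact is not enough. The question ids, the threshold and the PBKDF2 parameters are assumptions.

```python
"""Secret-question enrollment and verification built on fact-based questions.
Added example; not the code of the credit reporting site described in the post."""
import hashlib
import hmac
import os
import re
import unicodedata

# Hypothetical question ids; the wording follows the post's suggestions.
FACT_QUESTIONS = {
    "hs_year": "What year did you graduate from high school?",
    "hs_mascot": "What was your high school's mascot?",
    "mgm_maiden": "What was your maternal grandmother's maiden name?",
}
ITERATIONS = 100_000  # assumed PBKDF2 work factor


def normalize(answer: str) -> str:
    """Case-fold, strip accents and drop everything but letters and digits,
    so "The Wild-Cats!" and "the wildcats" hash to the same value."""
    text = unicodedata.normalize("NFKD", answer)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return re.sub(r"[^a-z0-9]", "", text.casefold())


def enroll(answers: dict) -> dict:
    """Store each answer as (random salt, PBKDF2-SHA256 digest); never plaintext."""
    record = {}
    for qid, answer in answers.items():
        if qid not in FACT_QUESTIONS:
            raise ValueError(f"unknown question id: {qid}")
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, ITERATIONS)
        record[qid] = (salt, digest)
    return record


def verify(record: dict, attempt: dict, required: int = 2) -> bool:
    """Succeed only if at least `required` answers match. Every enrolled
    question is checked with a constant-time compare, so the response time
    does not reveal which answer was wrong or which questions were skipped."""
    correct = 0
    for qid, (salt, stored) in record.items():
        given = attempt.get(qid, "")
        digest = hashlib.pbkdf2_hmac("sha256", normalize(given).encode(), salt, ITERATIONS)
        if hmac.compare_digest(digest, stored):
            correct += 1
    return correct >= required
```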
