Negative Space: insecurity questions

Allow men to impersonate exes, transgender activists say: Some transgender activists want banks to reduce the security on bank accounts, enabling abusive exes to access their victims’ bank accounts.
Are insecurity questions designed to help hackers?: Insecurity questions are being modified to make them easier to hack and harder to remember. It’s as if they’re designed to help hackers and frustrate forgetful account owners.
Insecurity Questions enable harassment and abuse: Insecurity questions are designed specifically to let someone who does not have your password access your account without having to talk to a human. The idea is that that person will be you after you forget your password, but the computer does not care. Anyone or anything with that information can access your account.
Insecurity questions on phones and at banks: How important are the last four digits of your social security number? That and a high school yearbook can get a hacker your bank account.
Mat Honan should read Mimsy: “Because the last four numbers of your SSN are what businesses ask for, they are all that a criminal sometimes needs to use your cash or credit.”
Security is hard, and 2FA is not the answer: Is 2-factor authentication the magic bullet in security? Not unless we solve the real problem, which is that people always take the easy way out—and that includes service providers.
Security questions will always be insecure: Insecurity questions are insecure because their purpose is to allow access to someone who does not know the access credentials. This trait is shared by zero or one person who has forgotten their password, and an infinitude of people who never knew it in the first place—because they shouldn’t have access.
Should Apple enable exes to access their ex-spouse’s iPad?: Chris Matyszczyk wants Apple to just believe someone who says their spouse died, and give access to their iPad, then claims that this is how everything else, from house titles to bank accounts work. Unfortunately, he’s not far off there.
What is your favorite color?: This is why I don’t like password recovery schemes that ask question which are public knowledge.

More Information

Why don’t the answers to “security questions” need to be stored securely?: “Given that security questions and answers often allow a user access to an account in a workaround way, without requiring the password, why are they allowed to be stored in plain text?”

Comments?

If you have comments or questions about this page, please, leave a message on the Negative Space Comments Page.

Lost?

If you’re looking for something here, use the search box in the navigation to limit your search to this part of the site, or use the Negative Space search page.

Jerry

“How’s about a beer, Norm?”

“That’s that amber sudsy stuff, right? I’ve heard good things about it!” — Cheers

Contents of Negative Space™ as a whole Copyright © 1994-2024 Jerry Stratton. Individual copyrights remain held by their respective authors unless they specify otherwise. Site titles, such as Negative Space, Strange Bedfellows, Biblyon Broadsheet, Highland Games, and FireBlade Coffeehouse are trademarks of Jerry Stratton.

Negative Space: insecurity questions last modified .

Negative Space: insecurity questions

More Information

Related Pages

Comments?

Lost?