Your Peace of Mind is our Commitment

Contact Us English Recent Articles

Questioning Password Resets

First published: 31st May 2008

Allan Dyer

A recent article and a website advocate improving the quality of "security questions" for web-based customer self-service password resets, but are any questions really suitable for global, inter-cultural use? Personally, any information about me that is memorable and I would be willing to tell to a website is probably not a secret, and if it is not memorable, I won't remember it either, making it useless as a "security question".

Below I list some of the questions that claim are "good", with thoughts on their limitations. Of course, a developer can provide a choice of "good" questions for users to choose between at registration, but the number of choices suitable for particular users may be very restricted, once cultural, social or other factors are considered:

So even "good" questions may be limited in their applicability. Developers should consider the risks involved for their application.

More Information

Related Articles