Admin
For years I have been absolutely frustrated by these "Security Question" schemes. Working in a DoD environment, I am faced with this lunacy on a regular basis.
I much prefer the option to create my own question.
My particularly annoying favorite is the "canned" question: 'What is your favorite sports team?' I HAVE NO INTEREST IN ANY SPORT AND CANNOT NAME EVEN ONE TEAM!! I am forced to answer such questions with the word 'team'. Or, better, "What is your brother's name?" I am an only child!!!
Admin
I like all of those vegetables.
Admin
They're not even secure. It's the kind of stuff that causes 14-year-old kids to whine about their Msn-account being "hacked". Some classmate of theirs knows their pet's name, fills it in and tâdaa! Access! There's simply no point, from a security point of view, to these questions.
Now I'm reminded of that time Sarah Palin's Yahoo account got "hacked" because some kid found the answer to her "secret question" on her Wikipedia page.
Admin
"What is your least favourite comment?"
I guess for most people it would be this one. Still, at least they didn't use reCAPTCHA - these days I have to reload it at least three times before I get a check word that I can actually read.
Admin
What is your brother's name? I only have sisters, you insensitive clod!
Yes, a security scheme where the answers are finite wouldn't take long to break. For customers that complained, perhaps they could give them a single preselected question with a single drop-down answer.
Admin
I think this would have made more sense if the username and password were also in a drop-down. You know, for consistency.
Admin
"What is your least-favourite security question?"
Admin
"What is your least favorite Web site?"
Admin
Actually, these make great security questions when you make up an answer (and either make it memorable to you, or record it somewhere). No one could ever guess it then.
Admin
The real WTF is including neither cabbage nor spinach in the answers list.
What may have happened is that the programmer who originally put this together was given the specification: "Set up a screen with 5 security questions on it. Don't worry about the content - we'll decide that later."
So off he goes and puts together the screen. In order to ensure it functions adequately (emphasis on the "adequately") he pulls a bunch of questions out of midair ("Don't worry about the content ...") and bangs in any old rubbish answers.
The final step of the process (i.e. to provide the actual questions and answers) was completely forgotten. Or perhaps the less-than-fully-aware person who specified this system only at that point realised what a difficult job it is inventing five security questions complete with difficult-to-guess answers, and sort of quietly ignored it.
IMHO the person who wrote the specification deserves to lose their position in the company, and preferably be removed from the company completely.
Admin
Question: "What is your favourite leisure activity?" Answers: (selectable via drop-down): "Sex" "Eating sick" "Walking to work in the rain" "Visiting the mother-in-law" "Wrapping brambles round your legs"
Nobody will guess the correct answer.
Here's another good one:
"What's your favourite TV program?" Answers: "Teletubbies" "Play Away" "Play School" "Watch With Mother"
Admin
Cauliflower! I really hate cauliflower.
Admin
"What is your favorite melon?"
I appreciate melons of all shapes, sizes, and colors as long as they're not artificial, and they aren't doing an impression of a banana.
Admin
I like Angelina Jolie's left melon the most.
Admin
Or a pancake.
Admin
Simple solution: editable combo box.
Admin
Pray, good sir, tell me more about this particular melon.
Admin
I was wondering about favourite melons too. As far as I know there's only 'melon', except for the botanists out there.
Admin
My favorite: they give you questions, you answer with correct and/or hard-to-guess responses, expecting that the login security system will query you with a text-box. [Not good, but it's a system you're required to log in to, soo....]
Instead, you get this:
Q: What is your favorite sports team? Dropdown with:
Hmmmm, which one did the "clever" user create, and which ones are the system's decoys? Hmmm...
Admin
There's also a cantaloupe that's rugbyball-shaped. That makes 2,5 - 3 types. Plenty enough to be secure and near-impossible to brute force it.
Captcha: Ingenium. This system of security questions about melons is ingenium!
Admin
Wikipedia (bless its heart) has 24 different melons listed. Of those, I've heard of four of them (and I used to work in greengrocery).
You wonder whether you may not be allowed to open an account with this bank until you have tried them all to ascertain what your favourite one is.
Admin
What is entropy?
Admin
Would it be better or worse to return to free-text answers, and then not prompt mobile users for a security question at all? This is what my bank does.
P.S. What does it take to get an account approved around here? Sheesh...
Admin
"What is your favorite melon?"
The kind wrapped in prosciutto.
Admin
It's well known that web developers have problems with insecurity.
Admin
I usually simply choose any security question at random and enter a large string of randomly typed characters into the text box (well, in case there IS a text box!), one of the kind that nobody including me could possibly remember, effectively taking this whole stupid "security" concept of asking questions out of the equation completely.
The thing is - typically, these systems are used as a measure to retrieve/reset lost passwords, thus they actually weaken security, no matter how well they are designed. But: I never forget my passwords, at least not those for important logins which I need to use regularly and cannot just easily replace with a new one like on a seldom-used account on some bulletin board or whatever. So I don't really have any need for "lost-my-password" functionality, and especially not if that critical side entrance to my account is guarded by questions like "Who was your favourite teacher?" which could be answered by at least 20 classmates from good old school times.
Admin
Wow, 5 dropdowns and maybe ten possible answers each is about 10^5 combos, which is approximately 17 bits. Talk about secure.
Admin
Ahh, those gawd-awful "security" questions.
I recently registered for an account on a site that allowed the user to pick from a set of canned questions. I was able to pick four different questions with the same answer.
Re: Making up a unique, non-guessable, secure answer and saving it: If users could do that correctly, they'd remember their passwords, and wouldn't need security questions, wouldn't they? Maybe the best option is a checkbox that says "I solemnly swear to never forget my password so please don't open a backdoor into my account"
Admin
Another useful security technique for the feeble-minded which is (if not perfect) better than the silly-question one is the "Forgot your password?" button which results in the site in question emailing a new temporary password to your email account. Yes I know it's not perfect, because you need to remember a password to access your email.
Admin
... or, to put it more bluntly: those who are too stupid to be able to remember a password but who still believe in on-line banking deserve to have their bank accounts ransacked.
Admin
Here: fix'd that for you.
Admin
You crazy or sumpin'? There's watermelon, and, um, firemelon and earthmelon and airmelon. So that's at least four.
Admin
FTFY
Admin
I used to, but not anymore. It knows what it did...
Admin
Oh wait, airmelon should be windmelon then... Crap
Admin
So the fifth melonment is Melon Jovovich, right?
Admin
Um, no. It's melonin, of course.
Admin
For reference, here is the full listing of the various question and answer choices. Yes, the dropdowns are NOT sorted alphabetically or even logically... at least as far as I can tell.
How old was your first car? 1980-1989 1940-1949 1950-1959 1970-1979 1930-1939 1960-1969 1929 or prior 2000-2009 1990-1999 2010 or newer
What is your favorite national monument? Mount Rushmore Jefferson Memorial FDR Memorial Statue of Liberty Crazy Horse Vietnam Veterans Memorial Martin Luther King Jr. Memorial Lincoln Memorial Washington Monument
Where was your father born? Central America South America Pacific Island Europe Africa Asia Australia Caribbean North America Middle East
What was your mother’s sign of the zodiac? Aries (March 21 – April 20) Cancer (June 21 – July 21) Capricorn (December 22 – January 20) Pisces (February 20 – March 20) Scorpio (October 23 – November 21) Leo (July 22 – August 22) Gemini (May 21 – June 20) Sagittarius (November 22 – December 21) Aquarius (January 20 – February 19) Taurus (April 21 – May 20) Libra (September 23 – October 22) Virgo (August 23 – September 22)
How old were you when you got your first job? 21-25 older than 32 10-15 26-28 29-32 16-20
How old were you when you were first married? 41 or older 31-35 Younger than 21 26-30 36-40 21-25 Never
How many older siblings do you have? 5 6 2 8 0 9 or more 3 7 1 4
How many times have you gotten a speeding ticket? 0 3 4 5 or more 2 1
What was your father’s sign of the zodiac? Capricorn (December 22 – January 20) Scorpio (October 23 – November 21) Leo (July 22 – August 22) Aquarius (January 20 – February 19) Virgo (August 23 – September 22) Cancer (June 21 – July 21) Gemini (May 21 – June 20) Aries (March 21 – April 20) Taurus (April 21 – May 20) Sagittarius (November 22 – December 21) Libra (September 23 – October 22) Pisces (February 20 – March 20)
What is the highest level of education you completed? College Elementary High School Middle School Junior College Trade School Junior High
What is the first letter of your father’s middle name? E P D K A S R U V G N T L B F W Q H O M C Y I X Z J
Where was your mother born? Caribbean South America Asia Central America North America Africa Australia Middle East Europe Pacific Island
What was your oldest sibling’s sign of the zodiac? Taurus (April 21 – May 20) Scorpio (October 23 – November 21) Gemini (May 21 – June 20) Libra (September 23 – October 22) Aquarius (January 20 – February 19) Sagittarius (November 22 – December 21) Pisces (February 20 – March 20) Virgo (August 23 – September 22) Leo (July 22 – August 22) Capricorn (December 22 – January 20) Aries (March 21 – April 20) Cancer (June 21 – July 21)
What is your favorite soft drink? Mountain Dew Diet Dr. Pepper Diet Pepsi Orange Crush Root Beer Pepsi Diet Coke Dr. Pepper Seven Up Lemonade Coca Cola Ginger Ale Iced tea
What’s the color of your mother’s eyes? Gray Blue Violet Brown Hazel Amber Green Black
How old were you when your first child was born? 31-35 Younger than 21 21-25 41 or older 36-40 26-30 No Children
What is your favorite movie genre? Musical Mystery Documentary Animated Romance Action Comedy Sci-Fi Horror/Thriller Fantasy Epic/Myth
Where is your favorite vacation spot? Venice Greece Florida Mexico Scandinavia London New York City Disney World Kenya Paris India Canadian Rockies Costa Rica Argentina Tuscany San Francisco Seattle Hawaii Western U.S. South Africa Rio de Janeiro Palestine Egypt The Alps Far East New England Jamaica
What’s the color of your father’s eyes? Violet Blue Brown Green Gray Black Amber Hazel
What is your favorite subject in high school? Gym History Math Social Studies Reading Art Civics Music Science English Langauage
What is your favorite type of music? Folk Country Alternative Bluegrass Pop Hip hop Rock and Roll Disco Mariachi Jazz Soul Classical Reggae Blues
What is your favorite color? Yellow Chartreuse Pink Gold Orange Green Red Amber White Gray Silver Lavender Black Blue Purple
What is your least favorite vegetable? Corn Green Beans Brussels sprouts Cauliflower Peas Turnips Beets Asparagus Broccoli
What was your oldest niece or nephew’s sign of the zodiac? Taurus (April 21 – May 20) Pisces (February 20 – March 20) Cancer (June 21 – July 21) Sagittarius (November 22 – December 21) Leo (July 22 – August 22) Scorpio (October 23 – November 21) Libra (September 23 – October 22) Virgo (August 23 – September 22) Aries (March 21 – April 20) Capricorn (December 22 – January 20) Gemini (May 21 – June 20) Aquarius (January 20 – February 19)
What year did you graduate from High School? 1990-1999 1930 – 1939 1910 - 1919 1960 – 1969 1950 – 1959 2000-2009 2010-2019 1970-1979 1980-1989 1940 – 1949 1920 – 1929
What is your favorite melon? Honeydew Don’t like melon Papaya Cantaloupe Watermelon Crenshaw Musk Melon
What musical instrument would you like to know how to play? Trumpet Piano Oboe Cello String Bass Guitar Tuba Banjo Saxophone Flute Drums Trombone French Horn Violin Viola Clarinet Bass Guitar Organ
What color was your first car? Pink Brown Silver Green Other Red Yellow Tan Beige Black White Gold Blue Orange Purple
Where was your maternal grandmother born? Central America North America Middle East Europe Pacific Island Australia South America Asia Caribbean Africa
Admin
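The "about 17 bits" estimate in the thread can be checked against the real dropdown sizes in the listing above. The following is an added example, not part of any comment or of the site's code: the answer counts were tallied by hand from that listing (only questions with unambiguous answer boundaries), the short question labels are made up here, and uniform, independent answers are assumed, so the figures are upper bounds.

```python
import math

# Number of dropdown choices per question, tallied from the listing above.
# Labels are shortened here; counts assume each listed answer is one option.
ANSWER_COUNTS = {
    "first car decade": 10,
    "national monument": 9,
    "father's birthplace": 10,
    "mother's zodiac sign": 12,
    "age at first job": 6,
    "age when first married": 7,
    "older siblings": 10,
    "speeding tickets": 6,
    "education level": 7,
    "father's middle initial": 26,
    "mother's eye color": 8,
    "favorite color": 15,
    "least favorite vegetable": 9,
    "favorite melon": 7,
}

def keyspace(questions):
    """Number of distinct answer combinations for the chosen questions."""
    return math.prod(ANSWER_COUNTS[q] for q in questions)

def bits(questions):
    """Upper bound on entropy: assumes uniform, independent answers."""
    return math.log2(keyspace(questions))

def guess_success(questions, attempts, known=()):
    """Chance of hitting the right combination within `attempts` distinct
    guesses when the answers in `known` are already public."""
    unknown = [q for q in questions if q not in known]
    return min(1.0, attempts / keyspace(unknown))

def weakest_and_strongest(k=5):
    """The k smallest and k largest dropdowns a user could end up with."""
    ranked = sorted(ANSWER_COUNTS, key=ANSWER_COUNTS.get)
    return ranked[:k], ranked[-k:]

if __name__ == "__main__":
    weak, strong = weakest_and_strongest()
    for label, qs in (("weakest", weak), ("strongest", strong)):
        print(f"{label}: {keyspace(qs)} combos, {bits(qs):.1f} bits, "
              f"P(hit in 3 tries) = {guess_success(qs, 3):.6f}")
    # A zodiac sign follows from a birthday; a middle initial is often on record.
    known = ("mother's zodiac sign", "father's middle initial")
    print(f"strongest, 2 answers public: {guess_success(strong, 3, known):.6f}")
```

Even the five largest dropdowns stay under 19 bits, and each answer that can be looked up removes its whole factor from the product.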