General discussion
-
Topic
-
Security Questions – using Widely known facts?
LockedWith Mobile and Internet banking growing heavily, do we stop to see what kind of security questions our banks ask before letting us do banking – and even getting our password reset. Most banks seem to ask “Mother’s maiden name” as equivalent to a “Open Sesame” of Alibaba. But is it not well known to close relatives and even shared among siblings. Is this based on a implicit faith on family and relations?
Similarly, Organizations seems to depend on Employee number, Date of Birth, Date of Joining the organization as the “secure” questions based on which their internal systems open up. Are these information secure and really private to the individual? Most of these are public knowledge and even available in the organization’s web site – especially for people at high level.
Is there anything like a good security question at all? Between ease of remembrance and known only to an individual looks like, compromise is the only way. But using too widely known facts as security questions does seem ironical.