IT Security: Does the Secret Question Help or Hurt?
In my previous blog, I had gone on about passwords and how people really don't use good ones. Working in IT Support, I constantly think about this kind of stuff, and this time I am going to question the "secret question" that is used in password resets.
Why even use the secret question? It has never struck me as a good idea. There are vulnerabilities inherent in its use. If you set up your answer to the secret question truthfully, the answer could be figured out by someone doing a bit of research on you. If you set up the answer to the secret question with false information, you might forget it or get it wrong when you need to use it.
There have been several examples of how this method of password recovery has failed in the last year. Twitter had an incident which led to exposure of internal company information, a certain Alaskan Governor was a victim, which led to internal government and personal information being leaked, and I even found reports of gamers getting their accounts hacked, all because someone figured out the answer to the secret question.
Now I am not here to offer a good solution, nor am I here just to complain about it. What I want you, the reader, to get out of this is a quick and dirty understanding that the secret question is a HUGE IT security hole that can be exploited. Some companies now have you answer several secret questions. That seems only to delay the hacking and annoy the user trying to recover the password with two questions to remember. It still leaves the possibility that someone could find out the info on you. The only way I see around this is to provide false information on the question that would not be figured out. Sorry Mom, on the next secret question I get, your maiden name is now Vader......ooops.
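One way to give false answers without forgetting them, as an added example that is not part of the original post: derive each answer from a single random key, so it has nothing to do with your real history and can always be regenerated. The function names and the `.example` site names are made up for illustration, and the key is assumed to be kept in a password manager.

```python
import base64
import hashlib
import hmac
import secrets


def new_master_key() -> bytes:
    """Random 256-bit key; assumed to be stored in a password manager."""
    return secrets.token_bytes(32)


def _normalize(text: str) -> str:
    # Case and spacing differences in how the site words things
    # should not change the derived answer.
    return " ".join(text.casefold().split())


def decoy_answer(master_key: bytes, site: str, question: str) -> str:
    """Derive a fixed, unguessable answer for one site's secret question."""
    msg = (_normalize(site) + "\x00" + _normalize(question)).encode("utf-8")
    digest = hmac.new(master_key, msg, hashlib.sha256).digest()
    # 10 bytes = 80 bits, which base32-encodes to exactly 16 characters.
    token = base64.b32encode(digest[:10]).decode("ascii").lower()
    # Group in fours so the answer can be read out to a help desk.
    return "-".join(token[i:i + 4] for i in range(0, 16, 4))


if __name__ == "__main__":
    key = new_master_key()
    question = "What is your mother's maiden name?"
    # Constructed site names: each one gets a different answer,
    # so a leak at one site does not unlock the reset at another.
    for site in ("mail.example", "bank.example"):
        print(site, decoy_answer(key, site, question))
```

Researching you turns up nothing useful, because the answer depends only on the key, the site and the question text.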
For more information on how Philadelphia IT Support Company, Trigon, and its IT Services can help your business, contact us at solutions@TrigonIT.com or call 1-888-494-TRIGON.