Home > Alternatives to password-reset questions tackle social networking cons >

Alternatives to password-reset questions tackle social networking cons

 

 

Search Security

July 13, 2010

 

This Search Security article by Randall Gamby highlights the poor level of security provided by knowledge-based questions. Many websites use challenge questions such as “What high school did you attend” as a second form of authentication. However, in today’s world where people share so much information about themselves on social networking sites, even the answers to seemingly obscure questions such as “What was the name of your first pet” or “What was the name of your first boyfriend/girlfriend” can often be found online.  As Gamby states in the article:

“Knowledge based questions are a lot less secure than they once were, due to the open nature of social networking sites and the public's lack of understanding of what personal information is. Whether a person's full resume is posted on LinkedIn or friends on Facebook are constantly reminiscing about intimate high school antics, personal information is slowly leaking onto the public Internet and contributing to social networking cons.”

In an effort to strengthen security, some websites are moving away from knowledge based questions in favor of alternative forms of authentication. One alternative method that Gamby describes in the article is graphic object selection. Although the method he describes differs from the image-based authentication solution provided by Confident Technologies, the concept is similar. Users select images, which are much easier to remember than alphanumeric passwords and more secure than knowledge questions. The next time the user is on the website and needs to authenticate, they simply recognize their pre-chosen images or image categories.

Image-based authentication, or graphic object selection, is more secure than knowledge-based questions because only the user knows their chosen images. It’s easier on the user than remembering alphanumeric strings and it’s more affordable than biometrics or hardware tokens.

To read the complete article from Search Security, click here.