BankInfoSecurity.com - Banking Information Security News, Regulations, & Education  

 

Using Secret Questions


To help verify a user's identity when a password is lost, many Web applications use secret questions. By answering a pre-selected question, a user can demonstrate some personal knowledge of the account owner. A classic example is asking the user for their mother's maiden name.

Answering secret questions requires some knowledge of the user account, but secret questions break all the rules for strong passwords and have some significant weaknesses:

" An attacker can somet




Copyright © 2007 BankInfoSecurity.com