pseudonym | 11 years ago

While I wouldn't disagree with the stupidity of "security questions" answered straight, I don't know if this is something to lay on Apple's doorstep, because anyone with a modicum of knowledge either lies or supplies "custom" security questions -- it's basically an "if you forget password A, remember password B" system. But explaining that to users who have issues with a password is a lot more far-reaching and widespread than any one company.

Additionally, making "security questions" passwords in and of themselves is going to tremendously increase the volume of your support tickets. At some point, you need to make a cost/benefit analysis and make a decision including that, not just looking at "what's more secure if we assume our users are stupid".

If you really want a niche market, though, "social media security consultant" for celebrities would probably make you a pretty penny nowadays...

x1798DE | 11 years ago

> Additionally, making "security questions" passwords in and of themselves is going to tremendously increase the volume of your support tickets. At some point, you need to make a cost/benefit analysis and make a decision including that, not just looking at "what's more secure if we assume our users are stupid".

I think as long as you can choose your own level of security, this is actually the best solution, even though some people will not have a firm grasp on how much security they are choosing to have. Right now the default is a fairly low level of security (answer the security questions correctly, plus possibly an e-mail loop), but you can just answer the security questions with another password if you want to, assuming that they don't have any kind of thing that detects weird answers. Unfortunately, almost no one lets you selectively disable things like security questions or password resets.