
Slightly off topic - security questions

Posted: Mon Aug 07, 2006 11:16 am
by Nunners
This is slightly off PHP, but does anyone have a decent list of standard questions to ask a customer, that are personal, but not necessarily a password-type answer?

An example would be "Mother's Maiden Name" - but as this is easy to look up, we were trying to think of some non-objective ones, but something more subjective (assuming I've got my ob & sub the right way round :))

Thanks
Nunners

Posted: Mon Aug 07, 2006 11:27 am
by feyd
Favourite Colour
Pet's Name
Favourite Place
Favourite Movie

anything in the favourites category really.

Posted: Mon Aug 07, 2006 11:47 am
by Ambush Commander
Personally, I would advise against implementing this sort of functionality if you can tie the account to an email address.

Posted: Mon Aug 07, 2006 1:07 pm
by Oren
Ambush Commander wrote: Personally, I would advise against implementing this sort of functionality if you can tie the account to an email address.
I agree, there will always be those stupid ones with the so-easy-to-guess answers :P

Posted: Mon Aug 07, 2006 1:15 pm
by Christopher
- relative's middle names
- first place, pet, person names

Go sign-up for Google or Yahoo and see what they have.

Posted: Tue Aug 08, 2006 3:55 am
by Nunners
I'd agree with you all, however, there are various drawbacks to various things!

In terms of using personal details (mother's maiden name/father's middle name etc), these are fairly easy to find nowadays.

With regards to linking directly to an email address, again that is not necessarily completely secure - but what is! But, as this is part of a system to allow users to reset their password for their email account, sending it to an email address isn't really gonna work!

We're also trying to get away from users setting their own questions, as some users put things that are particularly blue - and when they ring up our support desk, it makes things somewhat interesting, and indeed embarrassing when you have to ask a customer what their favourite body part is (and that's just a minor one)!

So, I think we're gonna stick with the favourite x, but also get more details off them, possibly using postcode, date of birth etc.

Thanks for your help though...

James

Posted: Tue Aug 08, 2006 7:41 am
by Ambush Commander
Well, you could just ask them for their credit card number... (if it's paid, of course).

Posted: Fri Aug 11, 2006 2:20 pm
by toasty2
Lol, I'm sure that they would give it to you :D :?:
Services like Google do let you choose a question; common questions are:
Mother's Maiden Name
Frequent Flyer Number
First Phone Number
Pet's Name
Just to name a few...

Posted: Fri Aug 11, 2006 3:35 pm
by daedalus__
As far as I know, when you implement this kind of thing, you always have to sacrifice some security.

Posted: Sat Sep 23, 2006 8:48 pm
by shiflett
Let the user choose the question. That's my preference.

Also, see the fourth tip here:

http://jeremiahgrossman.blogspot.com/20 ... users.html