Ask HN: Online Account Security Questions
I'm constantly bothered by the techniques used to secure our online accounts.
First - the multiple security questions. Second - the mandatory length and confusion in our passwords
This techniques are ridiculous and only hinders usability and adoption.
How about letting users enter a pin instead of requiring them to answer and set 5 random questions.
Password security, if I want it to be password - so be it. Give me a warning and let me keep moving. That ALONE has been the reasons I opt for not using certain services online.
Why must online security be stricter than real world application such as ATM pin with the added benefit of using all alphanumeric chars?
While taking brute force precaution in the code - why make it harder for users to use/register for your service?
4 comments
[ 0.25 ms ] story [ 18.6 ms ] threadWith the use of all alphanumeric chars - it would be even greater security. The only risk I see is if people consciously decided to use 111, aaa, bbb etc and those of the like.
But you can also block these pins from the jump so people can't use them.
(Am I saying that security questions are secure? No.)
Human beings attempt to brute force their own pins, most of which have a greater insight into possible combinations and STILL get their account locked. Remember - 3 tries gets you locked.
Why would it get broken quicker? If there's something I'm missing, I want to know it for the sake of being a better developer.