It is interesting to be on the receiving end of someone else's system sometimes. Recently I opened an online banking account. The process involved setting up a password, and recording the answers to a number of memorable questions - things like favourite colour, a memorable name, a favourite musician etc.
I don't find these things easy to do:
- I like to set up strong passwords, but it takes me a while to think of them - it also can necessitate reading some of the website's help information - some systems will not allow punctuation characters (or a password that includes them does not work).
- Favourite colour, band, memorable name etc.? Well that depends on which week you are asking me - I seem not to be a person who has lifelong preferences about these things, meaning that it is difficult to remember which current preference I put in. Also, I know enough to try to avoid things that a hacker would easily guess, but then it takes me a few moments to think of good ones.
- Security question - the website asked me to set up a security question that should be "something to which only you know the answer (not a member of your family, for example)". Taking this very literally would be difficult, since my wife knows lots about me (fortunately I don't need to worry about her hacking the bank account). I had some interesting thoughts about the pros and cons of customers entering really personal information here. Is this going to only be handled by computer systems, or do I need to imagine some poor employee in Customer Services having to authenticate a customer on the phone by asking them some very intimate detail? :-) A further problem for me was that the question and answer each had to be less than 20 characters.
By the time I had sorted all this out, the website had timed me out (without telling me it was about to do so). So my setting-up process part-worked: when I logged in, my details didn't all work, and I had to route around the subsystem that got the bank to issue me with a new temporary login to do it all over again.
Of course, what baffles me may be no problem for other people, but as we try to keep users safe by increasing the number of passwords and details and asking them to choose less guessable ones, it's more likely that this becomes a general problem.
Now I just have to remember all these passwords...
Some questions pose more serious threats than others, and some can be more to decipher or crack. There’s a list of good, fair, and poor questions at www.goodsecurityquestions.com along with guidelines to find the better questions.
Posted by: Garry | November 18, 2007 at 12:48 AM