Usability problems with Personal Security Questions:
- Questions are not specific enough.
- Answers to questions change over time.
- Users don’t have an answer to the question.
- Users provide answers that aren’t easily repeatable.
Security problems with Personal Security Questions:
- Answers to questions are easily guessed.
- Answers to questions are easily found online or in other public sources of data.
What to improve?
- Decide whether personal security questions are truly useful for your site.
- Always tell users the date they provided answers to their security questions.
- Consider implementing a CAPTCHA to prevent hackers from writing scripts to automatically guess answers.
- Consider letting users fill in the blanks to make stronger questions.
- If letting users write their own questions, give adequate guidance.
- Consider using an alternative challenge and response approach.
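A sketch of how three of the points above can fit together in one verification routine, as an added example that is not taken from the cited article: answers are normalized so they are repeatable, the prompt shows the date the answer was provided, and a CAPTCHA is required after repeated wrong guesses. The function names, the threshold of three failures, the normalization rule and the PBKDF2 storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata
from datetime import date

CAPTCHA_AFTER_FAILURES = 3  # assumed threshold, not from the article


def normalize(answer: str) -> str:
    """Fold case, accents, punctuation and spacing so that
    "St. Mary's School" and " st marys SCHOOL" compare equal."""
    text = unicodedata.normalize("NFKD", answer).casefold()
    return "".join(ch for ch in text if ch.isalnum())


def _digest(answer: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the normalized answer, never the answer itself.
    return hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, 100_000)


def enroll(answer: str, today: date) -> dict:
    """Create the stored record, including the date the answer was provided."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": _digest(answer, salt),
            "set_on": today, "failures": 0}


def challenge_prompt(record: dict, question: str) -> str:
    """Show the question together with the date the user answered it."""
    return f"{question} (you answered this on {record['set_on'].isoformat()})"


def verify(record: dict, answer: str, captcha_passed: bool = False) -> str:
    """Return 'ok', 'wrong', or 'captcha_required'."""
    # After repeated failures, refuse to check further guesses without a CAPTCHA.
    if record["failures"] >= CAPTCHA_AFTER_FAILURES and not captcha_passed:
        return "captcha_required"
    if hmac.compare_digest(_digest(answer, record["salt"]), record["digest"]):
        record["failures"] = 0
        return "ok"
    record["failures"] += 1
    return "wrong"
```

Normalizing trades a little answer variety for repeatability, so it does nothing for answers that are easily guessed or found online.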
Source, and a worthwhile article with suggestions and examples: The Design of Personal Security Questions, Usability Matters