My Photo
Location: Toronto, Ontario, Canada

I've been online since 1971 and I like to smoothe the way for everyone else. Among other things I co-founded Sympatico, the world's first easy-to-use Internet service (and Canada's largest).

View Rohan Jayasekera's profile on LinkedIn Rohan Jayasekera's Facebook profile twitter / RohanSJ
Subscribe in a reader

Or enter your email address:

Powered by FeedBlitz

Saturday, September 23, 2006

"Secret questions"

Web 2.0 sites usually need people to log in, with a user ID and password. Many of these have a feature to deal with a forgotten password: the site asks you a question to which only you know the answer. (Sometimes they call it a secret question, though really it’s only the answer that's supposed to be secret.)

It’s a good approach, but most sites blow it by not actually allowing you to specify such a question. They give you a list of questions to choose from, and if none of the questions are suitable, tough luck.

Why might questions be unsuitable? Let’s look at an example, one of the worst I’ve seen: the new free AOL.

Here are the choices of question:
  • The last 4 digits of your Social Security Number: Lots of people have access to this kind of information. It’s not particularly secret (even if it should be).
  • Where were you born?: Not much help to someone who’s always lived in the same city.
  • What is your favorite restaurant?: If I sign up today and three years from now I forget my password, will I still remember what was my favorite restaurant on this particular day?
  • What’s the name of your school?: Yeah, it’s really hard for an impostor to answer this one.
  • Who is your favorite singer?: See “favorite restaurant”.
  • What is your favorite town?
  • What is your favorite song?
  • What is your favorite food?
  • What is your favorite film?
  • What is your favorite book?
  • Where was your first job?: I could pick this one and specify that the answer is “I.P. Sharp Associates”. But three years from now I might answer it “Montreal”. Besides, anyone with access to my résumé could answer this. Mine is online and I make it easy to find.
  • What is your pet’s name?: Usually not hard for an impostor to find out. (Oh, and my wife and I have five pets, not one.)
  • Where did you grow up?: Again, not hard for a miscreant to determine.
If you build a Web 2.0 site, please do the right thing: let the user type in their own question, and give a bit of advice as to what constitutes a good one. If you like you can include some stock questions to choose from, but please make them good ones. (And no, “mother’s maiden name” isn’t always a good one either. A lot of companies even use that as the only choice!)


Anonymous Anonymous said...

I hate that. Even CIBC's doing it now. I tried to get out of it, but they wouldn't let me. Stupid bank.

Saturday, September 23, 2006 at 6:06:00 p.m. EDT  

Post a Comment

<< Home