Favorite "secret" question

Date February 13, 2008

For the forgotten password "secret" question+answer, we know that it’s not good security to ask users questions that are easy to guess or discover.  If you are a well known (faux) celebrity, using your pet’s name as that secret question is probably not a great idea. (note: as more is known of this "incident", I think that this could be one of those urban myths, but I still like to recite it as it’s a good story and illustrates the problem simply).

There are quite a few questions that shouldn’t really be used (some guidance here), but favorite color is just one of them.  We were having this conversation between some of the guys at Foundstone today, and I was sent the following picture (thanks Jer).

colors

Not exactly prime referenceable material, but I think it illustrates the point nicely – America’s favorite color is blue, in various shades as you can see from the chart.

Just in case you were interested :)

Category Posted in Security


Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>