Security question

From Wikipedia, the free encyclopedia

A security question is used as an authenticator by banks, cable companies and wireless providers as an extra security layer. They are a form of shared secret.[1]

Financial institutions have used questions to authenticate customers since at least the 1980s.[1] For example, a credit card provider could request a customer's mother's maiden name before issuing a replacement for a lost card.[1]

However, beginning in mid-2006, the questions have become ubiquitous online.[1] As a form of self-service password reset, security questions have reduced information technology help desk costs.[1]

Seventy to eighty percent of American banks use RSA Security's "Adaptive Authentication program," including Bank of America, Wachovia, ING, Washington Mutual, and Vanguard.[1] RSA estimates that ninety percent of banks are using security questions.[1]

The best answers are simple, memorable, can't be guessed easily, and don't change over time.[2] Understanding that not every question will work for everyone, RSA gives banks 150 questions to choose from.[1]

[edit] See also

[edit] References

  1. ^ a b c d e f g h Levin, Josh (2008-01-30). In What City Did You Honeymoon? And other monstrously stupid bank security questions. Slate.
  2. ^ Garry. Designing Good Security Questions. Retrieved on 2008-01-30.

[edit] External links