Question

should be a minimum of 300 words,

Authentication is very important to everyone’s security on the net.
Oops! I forgot my password! This happened to almost everyone who uses any type of online accounts.

- How would I get back to my account?
- Most websites use secret question backups, list and explain 3 alternatives to secret questions backups.
- What are the problems with “secret questions” for authentication?

Feel free to include real life examples and personal experiences.

Answer 1

In computer terminology, Authentications means the verification of a user's identity. It confirms one's identity and provides the access to the genuine user only. In web applications, it is generally based on username and password. If the credentials match, the login process is completed and the user is granted authorization for access.

However, today there are many websites where we register and we generally try to keep different passwords for them. Then it becomes difficult for us to remember the passwords and we tend to reset the password again using "Forgot password?" option through which we are either sent a reset link or OTP on mobile or some secret questions to verify our identity so that identity theft does not happen.

But do you think the secret question backup idea is good enough to refrain identity theft??

I don't think so, answer to these questions like "What was you first gradution school?", "What is your pet name?", "What is your mother's maiden name?", "Who is your favourite author?" etc. are so common to be guessed by anybody who knows us. So, this doesn't make sense to me as a secret.

Also, is it necessary that we do have some secrets which no one is aware of? Not at all, in some form or the other people who know us can guess the correct answers to these questions. Let me share one of the real time exaple that happened with me.

During last year summer vacations, I was travelling to my hometown, had no internet connectivity while travel. I got a call from college asking for submitting my marksheets softcopy by the end of day. I had those copies stored on my email account but had no internet connectivity so I called one of my friend asking him to access my email and share the marksheets with college authority. I needed to share my credentials with him but I have the same credentials for my facebook account too so I decided on telling him to use the 'Forgot password' option using OTP on mobile and I would have shared the OTP over call.

To my ashtonishment, he called me in 5 minutes and told me that he has shared the marksheets using my email to the college authority. I was surprised as to how did he get through my email authentication without OTP. Then he shared that he chose the secret questions backup option and answered the questions on his own in a hit and trial manner. He told that all the answers like my first school name, my pet name and my favourite author he was knowing well so he unlocked my account and changed the password.

I was speechless at the moment, neither I could chide him for using such option nor I could really be thankful for his favour. I still thanked him and the very moment decided to enable double security method for my email account so that on every login OTP is sent to my mobile so that no one else can misuse it.

I personally feel that 'secret questions' authentication method is not so strong to stop cyber crimes. It should be replaced with more meaningful verification methods.

With the advent of technology, these days devices come with finger print recognition, retina authentication, face detection authentications. Such methods are really helpful and strong enough to be not broken by anybody else.

Please always go for powerful authentication methods for protecting your information and data.