More bad security: Dumb security questions
I recently created a new account for company whose service is a hybrid of web-era scalability and accessibility combined with metered, nearly-instant access to a physical product... in other words, a site which it's important that my account not be easily compromised, because someone somewhere could run up a bill for services I didn't personally get to use.
During the signup process, I got to the now-standard "Security Question" phase (though, they oddly call it a "Secret" question, even though they'll show it to anyone who pretends to be you having lost your password), and was amused to see this option. Here's what I saw:
Yes, they're asking a question for which there are only 50 legitemate answers, for which many individual's friends will have a good chance at guessing correctly .... and then they go one step further, and exclude 3 of the states (Ohio, Iowa and Utah are not 5 characters long).
Fwew. Thanks goodness Ohio (sure to trivially show up, in my case, on an appropriate web search) wasn't long enough, or I might've fallen for it! :)
Technorati Tags: badsecurity