Monday, February 17, 2020

What is the worst security account question?

I take attendance by having the students answer a question.

What is the worst account security question? (Previously: 2016.)

Students came up with some bad ones, mostly classics:

  • name of 1st pet
  • favorite teacher's name
  • what is your name
  • hometown/first school
  • your password
  • hometown
  • I hate all of them
  • mother's maiden name is a classic
  • first vacation
  • what is you username?
  • where were you born
  • first job
  • what street did you grow up on?
  • 1st pet name?
The only outlier was the unusually-personally-invasive:
  • What was the first name of the first boy or girl you kissed?

This post's theme word is elutriate (v tr), "to purify or separate, especially by washing or straining." The account security question did nothing to elutriate spurious logins from authentic ones.