Steve Smith provides the basis for an important discussion on account and password security and recovery.
Episode #5-05 released on October 8, 2014
What is the most ridiculous question to have as a password recovery security question? What is your mother's maiden name?
In the age of the Internet, and with the advent of social networking, this question is not a safe one to ask for the protection accounts, and yet, many companies and web-sites still use this as a means of determining who you are.
There are many public services, cellphone carriers, Internet Service Providers, etc... that require a mother's maiden name.
Why is this question still a security question, and why hasn't it been eliminated?
It is convenient to ask, people can remember it easily, and usually people didn't know the answer except for those in your family, and friends. This meant that for a while it was secure, but just barely, but the Internet came, information gathering techniques continued to grow, and social networking became a thing.
But then, there is the other issue. Many people of this generation will not only be unable to answer that question, but it may be unsafe to answer. For a while now, countries like Canada don't even allow the wife to take her husband's last name. So, technically, her maiden name, is her last name. Anyone who is friends on Facebook, and other social networks, with family has the potential of hacking their accounts hijacked.
From the point of view of a client, we need a change in security techniques, or as I like to say, we need to get rid of the dinosaurs in power, and bring in the new blood. Two factor, or multiple factor, authentication is going to be an important step in securing our accounts. We can't just have password recovery or account recovery questions, we need to add more steps to the process, and make it less convenient. By making it less convenient, we will make all of our accounts more secure. We need to start taking our security seriously and all the multiple factor authentication to be used on all web-sites that support it, like Facebook, Twitter, Google, even Paypal.
For more information on how to secure your accounts, go to your account settings and verify that two factor available, if it is, use it. If two factor authentication is not available on large web-sites, please inform the web-site administrators of your interest in security.
Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions