Showing posts from January, 2014

Security Questions and password security in Web Applications

Security questions: Today almost every web application uses security questions to identify the user, especially when the user forgets their password. However, these security questions pose a major security risk if they are not properly thought out. Most of the time we come across simple questions like 'In which city were you born', 'What is your favorite movie', etc. Nowadays there is so much information on social networking sites that a little research will give us all the information needed. Information on a favorite movie, actress, etc. can be mined by following the 'likes' the user has clicked. The questions have to be smart enough to avoid events which occurred in the person's life, and also avoid the person's tastes and likes. Rather, the questions should evoke answers (sometimes strange) which cannot be guessed. How about these questions: 'Name a city which you never visited', (definitely this will have a lar