Thursday, February 11, 2010


The difficulty of a good security question in the era of social networks

Although people are gradually clicking together digital identities on all kinds of social networks, online shops, financial services, and soon at the hairdresser next door, at the start you face the same questions again and again:

  1. What username should I give myself?
  2. Which password is secure enough in this case?
  3. What if I forget my username or password (or both)?

Question 1 is usually easy to answer today, since many websites simply use the email address as the user key (those who have more than one e-mail address: your own fault :). Question 2 is potentially complicated and is therefore most likely answered with 'I use the same password everywhere', perhaps with a variation between one password for very important sites and one for the rest.

Question 3, however, offers the most room for variation: there are all kinds of methods here, and they all revolve around one core problem: as a poor, forgetful soul you have to prove to an anonymous website, possibly based on the other side of the world, that you are YOU. And that although you have never had more contact with this site than a few mouse clicks and entering some information (name, address, bank account), which the site may never have verified.

Since not every site can follow the procedure 'Forgot your password? I don't care, I'll just register again ...', you inevitably have to deal with this issue. And one method you encounter again and again is the security question.

What is the idea of the security question?

With the security question, the website presents the password forgetter with a question that he or she is supposed to answer. Now, the site has already asked a question before, namely 'Watchword!' (or more precisely, 'username and password!'), and that one could not be answered.

The idea behind the security question, however, is that it is a question drawn entirely from the password forgetter's own life. For example, 'What is your mother's name?'; other examples follow below. It is the kind of question you can still answer even if, after a single-handed circumnavigation of the globe, you have really forgotten everything else.

At this point it is important to emphasize once more how much the security question matters: whoever can answer it correctly can take over the account, and then it becomes really difficult to get at your digital identity again. The choice of the security question must therefore be taken as seriously as the password. And here the problem begins ...

What is actually still a good security question, now that we disclose everything about ourselves on Facebook, Twitter, Buzz and Co.?

For security questions, there are sites that offer a fixed selection of suggested questions, sites where you can formulate your own question, and sites with both options. It is difficult to judge which option is better: in any case, the point is to find a question that you can still answer after forgetting everything else, but which is a hard nut to crack for strangers, and perhaps for not-so-strangers too.

It was therefore only logical to ask about private circumstances, simply because in the old days private = secret. When registering with yet another Internet service, I seriously faced, for the first time, the question of which of the predefined questions would truly be suitable as a security question, especially given my use of various social networks, blogs, etc. A good starting point for an overview, even for an attacker, is my Google Profile.

Although the considerations here are individual, they should also be understood as generalizing to some degree. Perhaps the reader would like to consider in parallel what the answer would look like from his or her own point of view?

Questions about the family

This group includes questions such as:

  • What is your mother's maiden name? (A question based on the assumption that mothers are married and changed their name at marriage)
  • What is your father's middle name?
  • In which year did your parents marry?

This kind of question seems unsafe to me in several ways: my mother's name can be found in our latest blog Café, and those publications of her stories probably also contain a reference to her birthplace. In this tiny place you can count the few farms on one hand and find out the name. The father's full name should not be a really serious problem either.

The wedding date is at first glance perhaps a little more secure, because it has not yet occurred to us to put pictures of family events online with titles such as 'silver wedding 19XX'. On the other hand, the wedding year can be inferred with reasonable confidence from my age, and my age can in turn be roughly derived from the data on my education (e.g. university degree). Or directly from my Facebook account.

With all questions about the family you also have to take into account that close relatives have their own presences on social networks and might divulge the answer to your security question there. Hence my conclusion: preferably no security question relating to the family.

Questions about pets

The next group of questions is somewhat similar to the previous one, except that it concerns not human family members but animal ones:

  • What is the name of your first pet?
  • What is the name of your dog / your cat / your horse?

This category of question may also be easy to answer using social networks. In my case it would not be hard to find out what our current pet is called and what kind of pet it is. Photo albums are perhaps especially revealing here, if THE ANIMAL creeps into the picture somewhere and is then maybe even mentioned in the caption.

And then I have the particular problem that I cannot remember my pets from waaay back (there were just too many on the farm).

Questions about educational or professional background

In this category I would like to sort questions like the following:

  • What is the name of your first school?
  • Who was your favorite teacher in school?
  • Who was your first boss?

The question about all the schools, universities, kindergartens and other educational institutions is one that Facebook asks right at the start and that is hard to avoid (otherwise it is not as much fun). And to find out which teachers there are at which school, you can use sites à la spickmich.de. OK, that does not work if someone wants to determine the teachers of my old school, but for today's generation of school students it should get you quite far.

The professional résumé, too, should / will naturally be presented as extensively as possible, not only on Facebook but also in the plain old curriculum vitae, which is of course on the net. The question about the first boss at a company might still be difficult for outsiders to answer, provided the company's web site does not contain comprehensive accounts of its leadership structure in historical context.

In my case this question is very easy to answer: it is enough to read the CV.

Questions about possessions

A fourth kind of question rounds out and concludes this small list:

  • What make and what color was your first car?
  • What is your first frequent flyer number?
  • What is the number of your library card?

This category of questions has, in my view, the major problem that in most cases you cannot use it, because you have no car, no frequent flyer number, and lost your old public library card years ago.

With the question about the first car and its color, which I had actually considered, two individual problems became clear to me:

  1. What, for me, actually is the first car? The family car that I could borrow earlier, or the small car that I had actually paid for myself? And
  2. How should I phrase my answer? 'Opel, green' or 'a green Opel Corsa' or, or ...

At this point a further problem of the security question becomes visible: how sure am I that in a few years I will answer the same question in the same way, both in content and in form? Or would one space more or less be enough for the website to reject the answer?
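The formatting half of this problem, seen from the website's side, as an added example that is not part of the original post: the answer is reduced to a canonical form before it is hashed and compared, so that case, punctuation and spacing no longer decide acceptance. The function names, the PBKDF2 work factor and the sample answers are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import re
import unicodedata

PBKDF2_ROUNDS = 200_000  # assumed work factor, not taken from the post


def normalize_answer(answer: str) -> str:
    """Canonical form: case, punctuation and spacing differences disappear."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    text = re.sub(r"[^\w\s]", " ", text)   # punctuation becomes a space
    return " ".join(text.split())          # trim and collapse whitespace


def _derive(answer: str, salt: bytes) -> bytes:
    """Salted, slow hash of the normalized answer."""
    data = normalize_answer(answer).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ROUNDS)


def enroll(answer: str) -> tuple[bytes, bytes]:
    """Return (salt, digest); the site stores these, never the plaintext."""
    salt = os.urandom(16)
    return salt, _derive(answer, salt)


def verify(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Re-derive from the candidate and compare in constant time."""
    return hmac.compare_digest(_derive(candidate, salt), digest)


if __name__ == "__main__":
    # Constructed sample answers, based on the car example above.
    salt, digest = enroll("Opel, green")
    for attempt in ("  opel   GREEN ", "Opel,green", "a green Opel Corsa"):
        print(repr(attempt), "->", verify(attempt, salt, digest))
```

Normalization only removes differences of form; a differently worded answer such as 'a green Opel Corsa' is still rejected, which is the content half of the problem.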

Security question: Quo vadis?

After all these doubts about the security of security questions: what to do? Ultimately, as in all security matters, it depends on your own paranoia, particularly with regard to your real social environment: do I already want to anticipate that my partner may one day be my ex and may then want to play very dirty? How unromantic. Or do I want to consider the possibility that a vengeance demon slumbers in my nice flatmate in the shared flat, one who, after too much forgotten dishwashing, would resort to electronic blackmail?

It is probably simpler to proceed differently depending on the importance of the application: for a website that does not matter much, you can of course take any question and answer it correctly or completely arbitrarily.

Entering an arbitrary (= random) answer can, however, also be a strategy for the very important sites: if you remember the random answer or, better, write it down and store it somewhere safe (preferably with your passwords ;), this gives you a secure and hardly crackable way to restore access to your account.

Or you do not remember the random answer! In this case the security-question back door is closed for good and cannot be used by evil strangers (but not by yourself either). Then you just have to write down the password and keep it in a safe place. And once the problem of never losing the password again is solved, there is really no longer any need for a security question :)
