Explore the pitfalls of security questions in this 23-minute conference talk by Jim Fenton at BSidesLV 2015. Delve into account recovery methods, examining why security questions are less robust than other options. Learn about best practices and common mistakes in implementing security questions. Analyze real-world examples, including school-related queries and questions about first names. Discover why certain questions are considered the worst for security purposes. Understand the problems with questions that have multiple correct answers and how they compromise account safety. Examine academic research on the topic and gain insights into creating more secure account recovery systems.
Overview
Syllabus
Account Recovery
Security Questions
Best Practices
Security Questions Are Less Robust
You Must Answer These Questions
Example
School Journey
First Names
Worst Questions
More Than One Right Answer
Low Security
Academic Research
Taught by
BSidesLV
