It didn’t take 500 million hacked Yahoo accounts to make me hate, hate, hate password reset questions (otherwise known as knowledge-based authentication or KBA). It didn’t help when I heard that password reset questions and answers — which are often identical, required, and reused on other websites — were compromised in that massive hack, too.
Is there any security person or respected security guidance that likes them? They are so last century. What is your mother’s maiden name? What is your favorite color? What was your first pet’s name?