14 Sep 2011

“Security Questions”

From OWASP Development Guide

Applications MUST NOT implement questions and answers as they are contrary to most privacy regimes and ineffective

http://code.google.com/p/owasp-development-guide/wiki/WebAppSecDesignGuide_D2

Personal note: web apps that allow you to bypass password authentication via security question/answer drive me batty. I have half a mind to start contacting the webmasters to show them the above.

Aleksey

Aleksey_Tsalolikhin	spp
Kacoroski, Ski	Damon, Lee
Boris, John	tep
borwick	caseybea
jessetrucks	LOPSA Blogs Admin
McCullough, Mark	hcoyote
stpierre	trey
Matt_Simmons	fatherlinux
nhruby	lois
Constantine, Craig	wnl
jdetke	drich
mhalligan	doug
jlothian	jennine
Philip Kizer	jeremyc
lufthans	English, Paul
moose	warner
Evan_Pettrey	villyard
asachs228	nicolefv
wbilancio	nickanderson
unicityd	mharlow
allberyb	d_white
apthorpe	mdisney
mjulian	solarce
nnmiller	TheDreamer
morgajel	jgsmith