A common way to verify users who have forgotten their password is to have them pick answers to “secret questions.” If you’re designing a website, you may want to avoid some of the common pitfalls found in secret question designs. Otherwise, you risk not only annoying your users, but also compromising their data.
Are Secret Questions Really Secret?
The biggest problem with secret questions is that the answers may not be all that secret. You may recall that years ago, Paris Hilton’s cell phone was “hacked” because someone was able to look up the name of her pet online. Unfortunately, even today, many websites still require users to select among a small number of canned questions, all of which ask for personal information that someone else may be able to acquire. The only way for a user to pick a truly secure answer is to type something that’s not really the answer to the question. But then the “secret question” is merely another password that even the authorized user may forget, which defeats the whole point of the “secret question” concept.
From Bad Practice to Best Practice
This bad practice is often exacerbated by making users pick multiple secret questions via dropdowns that don’t update to reflect the fact that the user has already picked some of those questions. This may annoy users, since it’s illogical for a secret question the user already picked to show up in the list again when that user has to pick a second or third secret question.
To implement “secret questions” securely, it’s best to allow the user to type both the question and the answer. When the custom secret question is used, the user is shown the question that he/she typed, which will help the user remember the correct response. Allowing users to type the question itself not only increases security; it’s also easier to implement, since there are no dropdown boxes to update.
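As an added illustration (not code from the original article), here is the custom-question flow in Python: the question text is stored verbatim so it can be shown back at reset time, while the answer is normalised and then salted and hashed with PBKDF2 the way a password would be, since a short free-text answer is just as guessable as one; treating the answer as a password is an assumption the article does not spell out. The in-memory store and the minimum-length checks are constructed for the example.

```python
import hashlib
import hmac
import os
import unicodedata

# Constructed in-memory store: username -> list of secret-question records.
# A real site would keep these in its user database.
_STORE = {}


def _normalize(answer):
    # Fold case, collapse whitespace and normalise Unicode so a user who
    # registered "Rover" and later types " rover " is still recognised.
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split())


def _hash_answer(answer, salt):
    # Slow, salted hash: answers are short and guessable, so store them
    # like passwords rather than in plaintext.
    return hashlib.pbkdf2_hmac("sha256", _normalize(answer).encode(), salt, 200_000)


def register_question(user, question, answer):
    """Store a user-typed question (plaintext, so it can be shown back)
    together with a salted hash of the user-typed answer."""
    question = question.strip()
    if not question or not _normalize(answer):
        raise ValueError("question and answer must both be non-empty")
    salt = os.urandom(16)
    _STORE.setdefault(user, []).append(
        {"question": question, "salt": salt, "hash": _hash_answer(answer, salt)}
    )


def questions_for(user):
    """Return the exact wording the user chose, to jog their memory at reset time."""
    return [rec["question"] for rec in _STORE.get(user, [])]


def verify_answer(user, index, answer):
    """Check one answer in constant time; an unknown user or index simply fails."""
    records = _STORE.get(user, [])
    if not 0 <= index < len(records):
        return False
    rec = records[index]
    return hmac.compare_digest(_hash_answer(answer, rec["salt"]), rec["hash"])
```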