Tuesday 18 January 2011

Cloud Computing - Using Security Questions

Logging into Facebook yesterday I was prompted to provide the answer to one of several “security questions”. These were factual questions including “Where was your mother born” and “Last 5 digits of driver’s licence”.

Choosing one that nobody else could easily guess, I wondered what it could be used for. It turns out there is only one use: to unlock an account if you cannot otherwise use the original email address and password. To stop someone changing the security answer if they managed to hack the account, the answer cannot be changed.

I had hoped the security question would be asked each time I logged in, even if only as an option I could switch on or off. This would have provided a third level of security, in addition to username and password. As with many cloud systems, the userid for Facebook is an email address which is usually public knowledge. The only barrier then is the password, which can often be easily guessed. Having to answer an additional security question would make the account much more difficult to hack.
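As an added illustration (not Facebook's code and not from the original post), here is how a recovery endpoint could store and check a security answer the way the post describes it being used: hashed like a password, normalised so harmless spelling variations still match, and throttled because the answers are easy to guess. The record layout, attempt limit and lockout period are assumptions.

```python
import hashlib
import hmac
import os
import time
import unicodedata
from typing import Optional

# Assumed policy values for this hypothetical recovery flow.
ATTEMPT_LIMIT = 5            # wrong answers before the account is locked
LOCKOUT_SECONDS = 15 * 60    # how long recovery stays locked

def normalize_answer(answer: str) -> str:
    """Canonicalise free text so 'New  York' and 'new york' compare equal."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split())

def _digest(answer: str, salt: bytes) -> bytes:
    # Slow, salted hash: the answer is low-entropy, so brute force must be costly.
    return hashlib.scrypt(normalize_answer(answer).encode("utf-8"),
                          salt=salt, n=2**14, r=8, p=1)

def enroll_answer(answer: str) -> dict:
    """Store only a salted hash of the normalised answer, never the plaintext."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": _digest(answer, salt),
            "failures": 0, "locked_until": 0.0}

def verify_answer(record: dict, answer: str, now: Optional[float] = None) -> bool:
    """Constant-time comparison plus a per-account lockout.

    Returns False while locked, even for the correct answer, so an attacker
    cannot sweep through likely birthplaces or licence digits at will.
    """
    now = time.time() if now is None else now
    if now < record["locked_until"]:
        return False
    if hmac.compare_digest(_digest(answer, record["salt"]), record["digest"]):
        record["failures"] = 0
        return True
    record["failures"] += 1
    if record["failures"] >= ATTEMPT_LIMIT:
        record["locked_until"] = now + LOCKOUT_SECONDS
        record["failures"] = 0
    return False
```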

For many apps, it’s important to avoid an account being hacked. For accounting, a hacker could post an invoice for payment, or could glean private information. For CRM, customer contact information could be stolen. 

Almost every banking system has at least three levels of security, such as a PIN, a second password, or the use of some physical device. They also tend to ask for random letters from the PIN or password, so the whole password can't be intercepted.

When you are assessing whether to use a specific cloud-based system, what access security is provided? If just a userid and password, then is that sufficient for that system and your data?
