When choosing security questions, consider how many of your users a given question actually applies to, and prefer broadly applicable ones. As the original article puts it: not everyone went to college, not everyone has a spouse, and even those who have a spouse don't necessarily have only one…
Also, don't offer too many questions for the user to choose from: every site's question set may differ, and a user cannot remember which choice they made on each site. A birthday is a good example of such a question.
The story below is by Jared Spool (the original source link was not preserved):
The security challenge question on Bank of America’s site seems innocuous:

In what year (YYYY) did you graduate from high school?
But, what if the user didn’t graduate high school? (Little known fact: I didn’t graduate high school, so I’m a little sensitive to this question.)
Should the user enter the date they would’ve graduated high school? Should they make up a date? How will they remember something that didn’t actually happen?
It’s surprising how many security challenge questions are unanswerable like this. I doubt it leaves the user with a positive feeling about the experience.
Update: This is from the Vanguard web site:

Where did you and your spouse meet for the first time? (Enter the full name of CITY only)
What about multiple marriages? Widows?
To add insult to injury, the design replaces every letter the user types with a dot, so they can’t see if they’re typing the city correctly. (Again, I grew up in a city named Schenectady. Not something I’d want to type in the dark.)