On several signup forms I see fields such as "Choose your Memorable Password Question". Is this actually benifical nowadays? Surely a more secure method if someone forgets their password is to build a service to email them a secure link to reset their password? Also, what if they can't think of a memorable piece of information at the moment they're requested to enter it into a form? Surely the less required fields there are on a signup form the better.
The only time I can think that a memorable password question could be useful is for signing up for an actual email account; because you can't actually send a password reminder / reset to an address if that person can't actually access their email.
Is this an outdated concept, or does it provide genuine user benefits that I can't currently think of? (such as the giving the user the appearance of security - making them feel secure even if it actually provides no geniune security).
Answer
(Not really a UX question, imo.)
But here's what Bruce Schneier has to say about secret questions (which are bad for the same reasons hints are bad). Nuff said.
No comments:
Post a Comment