New Security Question requirement

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • drmweaver
    New Member
    • Jul 2015
    • 3
    • 5.1.x

    New Security Question requirement

    I understand the need for the added security of the question and response that you have added but I suggest allowing the client to make their own question and answer. I normally do not use sites that have a static set of security questions since, in doing so, you are giving away information that you might not want to give the site as that now is private information the site has that can be used to gain access to their lives elsewhere (at other sites that also have similiar static security questions). This is a general security problem. I am not suggesting that I don't trust vbulletin but I should not be put into that situation where I must decide to open myself up to any site with my personal information that can be used against me. With the ability to choose the question I now am able to choose what personal information I give away.
  • Wayne Luke
    vBulletin Technical Support Lead
    • Aug 2000
    • 73976

    #2
    Are you talking about the Member's Area? This isn't new and has been in place for over a decade now. You're not required to give out any information. All you're required to do is remember the answer you provided. You can do something like "What is your favorite Book?" Answer: ;laoweuiwl;rfjzsf;lsdk

    As long as you remember the answer, you're good to go.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment

    • drmweaver
      New Member
      • Jul 2015
      • 3
      • 5.1.x

      #3
      Originally posted by Wayne Luke
      Are you talking about the Member's Area? This isn't new and has been in place for over a decade now. You're not required to give out any information. All you're required to do is remember the answer you provided. You can do something like "What is your favorite Book?" Answer: ;laoweuiwl;rfjzsf;lsdk

      As long as you remember the answer, you're good to go.

      I am referring to these forums. I have logged in before ( much sooner than a decade ago ) and was not presented with it. This time the forums would not let me continue without creating a response to one of the static questions. Yes, I understand the logic and how to proceed. My post was to recommend rethinking the way it's done. I am finding a lot of social sites are using this method and I simply don't bother logging into them if I don't have to as I don't trust everyone on the net enough to give them that sort of personal information. Information that can be used else ware as a useful tool for identity theft or gain access to sensitive places that also use static questions.

      Comment

      • In Omnibus
        Senior Member
        • Apr 2010
        • 2310

        #4
        If you're that concerned about dissemination of personal information you should log off the internet permanently. Nothing is 100% secure. I do, however, find it amusing that while I've been using vBulletin for almost sixteen years and have never been hacked I did receive a security flag contact from American Express last month about someone using my card to purchase an $18,000.00 Rolex in Taiwan. That card has a chip and 256 bit encryption. The point is, you can rethink it all you want but there is nothing a determined hacker can't eventually break.

        Comment


        • Replicant
          Replicant commented
          Editing a comment
          Can I borrow your card too? I'd like to buy a new Rolex, you know, just because.
      • Paul M
        Former Lead Developer
        vB.Com & vB.Org
        • Sep 2004
        • 9886

        #5
        Ummm ... on the forum ?

        What question is this, where ?
        Baby, I was born this way

        Comment

        • drmweaver
          New Member
          • Jul 2015
          • 3
          • 5.1.x

          #6
          Originally posted by ProSportsForums
          If you're that concerned about dissemination of personal information you should log off the internet permanently. Nothing is 100% secure. I do, however, find it amusing that while I've been using vBulletin for almost sixteen years and have never been hacked I did receive a security flag contact from American Express last month about someone using my card to purchase an $18,000.00 Rolex in Taiwan. That card has a chip and 256 bit encryption. The point is, you can rethink it all you want but there is nothing a determined hacker can't eventually break.

          While what you have conveyed may be true, nothing you have responded with came close to my point I am not worried at all about being hacked. I, however, am not about to help myself get hacked either through faults of my own. Besides, my statement was floating around my head and since there was a spot for it here I thought I would pass it on. At the end of the day I still choose if I utilize the forums and all that goes with it.

          Comment


          • In Omnibus
            In Omnibus commented
            Editing a comment
            At the beginning of the day it doesn't matter what your security question is if someone knows the answer or hacks your account. Are you trying to convince us you would have a unique security question and answer for every site you've ever visited on the internet and somehow store all of that information in a secure location other than your head? Virtually no one's memory is that good.

          • drmweaver
            drmweaver commented
            Editing a comment
            If the site is important enough to log in to it is important enough to retain the information I give to it, I don't, however, retain this information in my head normally. I use Keepass. It is one of the most brilliant utilities on the Net IMHO. I use to use PasswordSafe but KeePass offers a lot more options including file attachments and interface intuitiveness. Yes, this too could be a point of failure but it's an option I believe to be worth using.
        • Wayne Luke
          vBulletin Technical Support Lead
          • Aug 2000
          • 73976

          #7
          Originally posted by Paul M
          Ummm ... on the forum ?

          What question is this, where ?

          There should be no new security question on this forum.
          Translations provided by Google.

          Wayne Luke
          The Rabid Badger - a vBulletin Cloud demonstration site.
          vBulletin 5 API

          Comment

          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
          Working...