What is a more secure way to secure people's data on your website than the typical username and password pairing?
Someone at UPS seems to think an answer to a stupid question is better. These aren't just any stupid questions. These are question that are likely answerable by anyone who knows you. If you pick the right question, there's a good chance that you've even posted the answer to the question on your blog, on Facebook, or even Twitter. So, what is a stupid question? Take a look:
No, these aren't the so-called "security questions" that are used in addition to a username and password pair. This question and answer is being used where a password would typically be found.
All that is needed to access an account is an email address and the answer to a question.
Narrowing people's thinking as they select passwords, and later giving the same clue at login seems almost as insecure as asking for no more than a phone number and zip code. Oh, but that's already taken by Century Link*.
formerly known as Qwest,