Not smart but sharp
Fierce of mind and fearsome heart.
Strong of will to temper steel
And knows just where to start.
A sword forged in the dark.
A kindness now forgotten,
Corrupted thing a simple sin
Would seek to tear apart.
Not knowing where it ends.
A weapon forged to make amends,
To sever truths from lies,
To rip apart and rectify,
To bring about what's ceased to be,
And amplify through marked decrease.
A lease of life, a stay of death
But only for a moment's time
To steal the breath, with it append
The steel now purified.
Strong of will but short of sight
Fearsome heart and fierce of mind
And meets its end so sharply.
Tuesday, May 22, 2012
Saturday, May 5, 2012
Accessibility Denied
As people around the world continue to spend even increasingly more time on the internet despite complaints about never having time for proper meals or those kid things that won't shutup, I think we've reached a point where we can wave goodbye to the training wheels of password reset security questions. We've all encountered these, (if you haven't it's probably because you still use "password" or "default") they're the annoying, totally insignificant questions that websites will force you to answer in order to reset your password. And if forgetting your password doesn't automatically put you in a bad mood, answering "security" questions that anyone with a computer (ie anyone who encounters said questions) can look up in fewer than 10 seconds will definitely put you over the edge.
The problem with security questions is every single aspect of them. First of all, they're always questions that just about anyone can figure out after a quick Google search, or better yet, just by scoping your Facebook. The list of questions you can pick from always includes "What was your first pet's name?" "What was your first girlfriend/boyfriend's name?" "When did you graduate from high school?" "What is your mother's maiden name?" The people who came up with the questions seem to think that these are sure to stump anyone who's not the actual account holder, but in reality they're about as secure as using your birthday for your ATM PIN. If you want some questions that only the user can answer correctly, try "Which STDs do you test positive for?" "Where do you go to be by yourself and cry until you pass out?" "How many hookers have you been with?" "If you could get away with murdering one person, who would it be?" "What's the most embarrassing thing you ever did that no one noticed even though it felt like everyone in the world caught you?" The information that people use for security questions is so worthless that we give it out to massive corporations so they can use it to advertise to us.
The second problem with security questions is that unlike your password selection process, you're never asked to confirm the answers to your security questions in case you make a typo. In fact, the answers you give are virtually never verified or checked out in any way at all. If you answer "Electric blue" for your year of graduation and "2007" for your favorite color, the system could not care less. So when you go through the bullshit process of resetting a password months or years later, you're left shaking your computer monitor in a fit of rage yelling "I know when I graduated better than you, you stupid fucking robot!" To top that one off, some systems will actually make the security questions case-sensitive, meaning that you know have to think back to a year ago when you breezed through the entire process just so you could set up a one time payment for some online pornography, and wonder "Did I capitalize the H and S in high school? Did I put a space in between them or did I leave it as highschool? Why didn't I just answer 'Electric Blue' to every question?" I've seen sites that use case-sensitive security questions for passwords that don't require numbers or special characters. I've also seen sites that require you to pick a new set of security questions every few months, but never ask you to change the actual password. There's something very wrong about having a more secure system for the place where you enter your mother's maiden name than the one where you regularly enter a password. It defies logic to such a degree that I would not be surprised if it eventually caused our computers to rise up and enslave humanity, their compassionless Steven Hawking voices screaming "WHAT HOSPITAL WERE YOU BORN IN?" as they shove a rapidly spinning buzzsaw in your face before you can answer. (Saw blades are going to be the next big computer innovation, just wait till Apple listens to their customer complaints about how an iPhone can't be used as a survival tool.)
What bothers me most about security questions is what a complete waste of everyone's time they are. Once you've spent a half hour trying to recall every punctuation mark and use of the shift key and you finally get to reset your password, it's never right there in front of you. Instead you'll get sent an email with a link to reset your password. Meaning that after all that needless frustration the final step is going to be about a thousand times more secure than all of the security questions combined because you'll actually have to enter another password to get to it (presumably your email password is different than the one you forgot, otherwise you're screwed). Why not just cut out the middleman and have a single security question that reads "What is your email password?" When you get right down to it, anyone who's trying to hack into one of your online accounts but can't get past your security questions, isn't someone you need to worry about. It's like having a floodlight with a motion sensor as your home security system: Maybe it keeps the really stupid criminals out, but everyone else is just going to go around.
The problem with security questions is every single aspect of them. First of all, they're always questions that just about anyone can figure out after a quick Google search, or better yet, just by scoping your Facebook. The list of questions you can pick from always includes "What was your first pet's name?" "What was your first girlfriend/boyfriend's name?" "When did you graduate from high school?" "What is your mother's maiden name?" The people who came up with the questions seem to think that these are sure to stump anyone who's not the actual account holder, but in reality they're about as secure as using your birthday for your ATM PIN. If you want some questions that only the user can answer correctly, try "Which STDs do you test positive for?" "Where do you go to be by yourself and cry until you pass out?" "How many hookers have you been with?" "If you could get away with murdering one person, who would it be?" "What's the most embarrassing thing you ever did that no one noticed even though it felt like everyone in the world caught you?" The information that people use for security questions is so worthless that we give it out to massive corporations so they can use it to advertise to us.
The second problem with security questions is that unlike your password selection process, you're never asked to confirm the answers to your security questions in case you make a typo. In fact, the answers you give are virtually never verified or checked out in any way at all. If you answer "Electric blue" for your year of graduation and "2007" for your favorite color, the system could not care less. So when you go through the bullshit process of resetting a password months or years later, you're left shaking your computer monitor in a fit of rage yelling "I know when I graduated better than you, you stupid fucking robot!" To top that one off, some systems will actually make the security questions case-sensitive, meaning that you know have to think back to a year ago when you breezed through the entire process just so you could set up a one time payment for some online pornography, and wonder "Did I capitalize the H and S in high school? Did I put a space in between them or did I leave it as highschool? Why didn't I just answer 'Electric Blue' to every question?" I've seen sites that use case-sensitive security questions for passwords that don't require numbers or special characters. I've also seen sites that require you to pick a new set of security questions every few months, but never ask you to change the actual password. There's something very wrong about having a more secure system for the place where you enter your mother's maiden name than the one where you regularly enter a password. It defies logic to such a degree that I would not be surprised if it eventually caused our computers to rise up and enslave humanity, their compassionless Steven Hawking voices screaming "WHAT HOSPITAL WERE YOU BORN IN?" as they shove a rapidly spinning buzzsaw in your face before you can answer. (Saw blades are going to be the next big computer innovation, just wait till Apple listens to their customer complaints about how an iPhone can't be used as a survival tool.)
What bothers me most about security questions is what a complete waste of everyone's time they are. Once you've spent a half hour trying to recall every punctuation mark and use of the shift key and you finally get to reset your password, it's never right there in front of you. Instead you'll get sent an email with a link to reset your password. Meaning that after all that needless frustration the final step is going to be about a thousand times more secure than all of the security questions combined because you'll actually have to enter another password to get to it (presumably your email password is different than the one you forgot, otherwise you're screwed). Why not just cut out the middleman and have a single security question that reads "What is your email password?" When you get right down to it, anyone who's trying to hack into one of your online accounts but can't get past your security questions, isn't someone you need to worry about. It's like having a floodlight with a motion sensor as your home security system: Maybe it keeps the really stupid criminals out, but everyone else is just going to go around.
Subscribe to:
Posts (Atom)