Don't Use Hopelessly Vague Security Questions

1.0Lifehacker Australiahttps://www.lifehacker.com.aujohnsmithushttps://www.lifehacker.com.au/author/johnsmithus005gmail-com/Don't Use Hopelessly Vague Security Questionsrich600338<blockquote class="wp-embedded-content" data-secret="WzdKw6YtPQ"><a href="https://www.lifehacker.com.au/2013/05/dont-use-hopelessly-vague-security-questions/">Don’t Use Hopelessly Vague Security Questions</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://www.lifehacker.com.au/2013/05/dont-use-hopelessly-vague-security-questions/embed/#?secret=WzdKw6YtPQ" width="600" height="338" title="“Don’t Use Hopelessly Vague Security Questions” — Lifehacker Australia" data-secret="WzdKw6YtPQ" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script> /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); </script> Password reset questions may seem like a necessary evil if you’re building any kind of system which requires users to log in. However, the process becomes utterly pointless if you make the questions so vague as to be too hard to remember.