Normally, I would never really rant on our beloved blog but seeing no-one from our space really wants to blog stuff, I'll try to keep it alive with my ranting about the "security questions" as back-up to a password. :)
Yesterday I received my new mobile phone, a Sony Ericsson
Xperia Neo. I was browsing the security options to look for screen lock and to
set passwords, this because I'm a suPeRseCuReHax0r-man of course! Cool, I can
set my own "pattern" to draw as password, I kinda like that. It's not
like numbers where a lot of people use default numbers like "1111",
"0000" or "1337" and of course easy to remember numbers
like dates for example. On the other hand, I think a pattern is a bit easier to
steal while shoulder surfing, but that's another issue.

After setting my own pattern I get a pop-up: "Security
question - You need to select a security question as a backup solution, in case
you forget the pattern." where I can only select "OK". Now I get
to choose between four options, the questions are set - I can't make my own. I
need to choose between:

- What is your mother’s maiden name?
- What is your place of birth?
- What is your favourite place?
- What is your favourite film?

The first two questions are pretty easy to find out if you
know the name of the owner of the phone, they are set and unchangeable. The
latter two are usually easy to find if the owner of the phone uses social media
like Facebook for example, other than that – they seem pretty easy to social

This is 2011, this phone is brand new and they make security
“errors” like this. It annoys me. This is not the first time I’ve seen it, it’s
a well-known flaw in security at a lot of sites. Half of the time some kid’s Hotmail
gets hacked, it’s because he or she set a stupid security question which got
answered by someone who knows how Google works.

People who are into security or those who are more aware of
it know that entering something like this is silly. That’s not the problem. It
becomes a problem when kids, elderly people or just people who don’t have a
lot of experience with technology set these
answers, they don’t second-guess when technology comes up with a question, they
just add it and are happy about it. I expected people at a huge company like
Sony-Ericsson to foresee stupid flaws like this, especially because it’s been
known for years.

A solution? A temporary solution could be entering a random
answer. What is my mother’s maiden name? Well, it’s “tUm$Gjfk%p” of course! It’s
the only solution I can think of at the moment, seeing I have to enter
something. But, I’d like to see this "feature" gone or fixed in an upcoming patch.

This isn’t really a lash-out towards Sony-Ericsson, I just
get annoyed by these big companies with lots of money that still make stupid mistakes like this. We
have a Dutch saying which translates to “It was the drop that made the bucket
overflow” which suits the reason why I wrote this blog perfectly but now I have to use the English “the straw
that broke the camel's back”. :)