Company Services Training Resources News & Events Contact

New Application Security Resource "The App Sec Advisor"

Tips for Avoiding Bad Authentication Challenge Questions - White Paper


New On-Demand Web Cast: The AppSec Maturity Continuum.

Tips for Avoiding Bad Authentication Challenge Questions

Overland Park, KS – July 6, 2007

Security PS has released a new white paper reviewing challenge question authentication systems. Challenge questions ask a user for an answer to a personal question in an attempt to confirm their identity. Many of our clients in the financial industry have implemented challenge questions to meet the new FFIEC guidelines for online authentication.

In the first of two white papers on the subject, Senior Consultant Bruce K. Marshall discusses how to choose challenge questions. He introduces the 5 characteristics of good challenge questions and shares his evaluation of some of the questions we’ve seen implemented. Bruce points out that some of the more popular challenge questions aren’t ones that actually provide adequate application security.

The white paper also shares statistics from research papers which answer questions like “how often do users forget their answers” and “how easily can others guess the answers”.

Download this white paper today if you’d like to see how your organization can improve the security of challenge question authentication.

http://www.securityps.com/resources/pdf/TipsforAvoidingBadQuestions.pdf

 

Learn more about Security PS by emailing us at info@securityps.com or by calling +1 (877) 977-7462.
 
 
© 2005-2007 Security Professional Services, Inc. All Rights Reserved | Legal & Privacy Statement