I don’t know who is advising you, but your security model SUCKS. It is RIDICULOUS to use a “secret question” to keep my account secure. Yes it’s true that a lot of answers will be very unique. But [a] it’s difficult for a user to remember exactly what they put, since they are all subjective questions [b] do a little audit of your database, I bet a solid 1% or more of the selected questions were “who would you most like to meet” with the answer being “jesus”.
Furthermore, I honestly do not have an answer to any of the questions!! I didn’t have any pets as a child, I didn’t have a hero, and I don’t have superlative feelings for ANY member of ANY of those categories. I am going to have to basically make something up, and then WRITE MY ANSWER DOWN SOMEWHERE.
What ever happened to date of birth, mother’s maiden name, and email verification with forced password change? I know there is still a small cleartext hole in that system. Maybe you have statistics that show that your system is more secure than what I propose. If so I apologize for my hurtful, ignorant criticism.
Thank you for your time,
John Joseph Bachir
AT&T Wireless is a ripoff. If u are a new customer u can get a Sony 580i Walkman for $19.99 plus a free 1gb memory chip and a 2 year plan.However if u are an existing cutomer with no extended term agreement they want 79.99 no memory chip included and a new two year comittment. The offers are cleverly hidden on their website so not to let existing cusotmers know what AT&T is doing for new customers. After many years as a Cingular customer I’m going elsewhere.