Why Security Questions are a Bad Idea

Touted among some as a way to increase security, I always thought of security questions as a step backwards in security. To think that someone can guess a few simple facts about myself instead of the complex password I dreamed up defeats the point of that complex password.

In the old days, if you forgot a password, it was emailed to an email account. Now, most accounts have implemented these security questions and allow you to reset a password by answering the security questions correctly. The problem with this is that, in most cases, the security questions are too simple. Questions like Where were you born, what is your zip code, what is your pet's name, etc. Questions that anybody may be able to figure out by googling your name - particularly if you are a public figure.

In the news today, it was announced that Gov/VP Nominee Sarah Palin's Yahoo email account was broken into using these security questions (http://www.appscout.com/2008/09/hacking_sarah_palin_what_we_ca.php ). Questions such as birthday, zip code, and where did you meet your spouse. Those questions were answered correctly in less than 45 minutes, and then the perpetrator has access to her account and was able to change the password to something else.

Now an email account is a little different than most other website accounts, as you might not have another email address to send a forgotten password to. However, in no case should simple security questions such as these be the sole means of gaining access to the account. Besides the security questions, there ought to be some secondary means of authentication, or some other way to send a forgotten password - this could be sending a password via text message, or a telephone call to the phone number on the account. Security questions should be used to enhance an existing form of authentication. Using security questions as the only form of authentication is a step backwards in the world of security.

Evil OPEC Cartel

The price of oil has dropped by 32% over the past few weeks from a high of $147 to todays closing price of $101. Not that we have also seen gas prices drop by 32%, but that is a rant for another day.

And how does the evil OPEC reward us for the falling price of oil? By cutting output to keep prices high. See, the OPEC countries have grown used to all the oil revenue that has been pouring in, and dropping oil prices mean less revenue to them. Although...less revenue is relative since the price of oil is still far higher than the $20-$30 range pre 2001.

In OPEC's decision to cut oil production yesterday, they said they wanted to cut supply to keep prices above $100. Excuse me? Yes, keep prices above $100.

The high price of oil is hurting our nation's economy, and hurting the worldwide economy as well. We are using less oil now than we were last year because we can't afford to pay for it at $100 let alone the peak of $147.

Now how is it that an organization can just artifically set the price of a commodity? Cartels are illegal in the U.S. and Europe because artificial price fixing is just unfair for the consumer. However, OPEC is not your standard cartel. OPEC is a cartel of nation states. As such, it is immune to anti trust regulations under international law and the doctrine of state immunity.

I guess all I can say is those Bastards!

Noah's First Visit with Mickey!

I just had to post this...