Sat, Oct 5 2013 23:32
The password problem
I was helping someone with signing into their online medical account today. They couldn't remember their password and we had to call to get assistance.
We found ourselves talking to an outsourced help desk. Because we couldn't answer the security questions properly (the account was originally set up by her husband who has since passed away), the password will have to be reset via mail.
The experience showcased to me how passwords are not the greatest authentication process. Too much personal information can be accessed by a person on the other side of a phone line who is probably not even in this country.
We need better processes and better ways to authenticate. As we move to more and more online, we're not solving the password problem.
Filed under: Security