Access is granted when a user correctly enters information that only they should know. That could be a password, PIN code or answers to secret questions.
- The user can choose information that’s easy for them to remember
- Users may choose information that’s easy for others to guess
- Users might use the same question or PIN for other services
- Users might find it hard to remember their answer and write it down, reducing security
- Users might lose access to the service if they don’t remember the answer
Most authentication uses a form of secret answer.