Signing in to a service

Authentication by secret answer

[Image: A form on a website asking for a password and an answer to a secret question.]

Description

Access is granted when a user correctly enters information that only they should know. That could be a password, PIN code or answers to secret questions.
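The following is an added example, not part of the original page, showing how a service can implement secret-answer checking so that the stored record never contains the answer itself. The answer is normalised (assumed policy: Unicode NFKC, case folding and whitespace collapsing, so small typing variations do not lock the user out), screened against a small constructed denylist of guessable answers, hashed with salted PBKDF2-HMAC-SHA256, and later compared in constant time. The iteration count, the denylist and the function names are assumptions for this example.

```python
import hashlib
import hmac
import os
import re
import unicodedata

# Assumed parameters for this example (not from the original page).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16

# Constructed denylist of answers that are trivially guessable. A real
# deployment would use a far larger list, ideally one per question.
WEAK_ANSWERS = {"password", "123456", "none", "n/a", "mother", "london", "fido"}


def normalise_answer(answer: str) -> str:
    """Canonicalise a typed answer so harmless variations still match.

    NFKC normalisation, casefolding and whitespace collapsing mean that
    'Baker Street', 'baker street' and '  BAKER   street ' compare equal.
    This is an assumed policy: it gives up a little entropy to reduce the
    lockouts the page lists as a limitation of secret answers.
    """
    text = unicodedata.normalize("NFKC", answer).casefold()
    return re.sub(r"\s+", " ", text).strip()


def is_weak_answer(answer: str) -> bool:
    """Flag answers that are very short or on the constructed denylist."""
    canonical = normalise_answer(answer)
    return len(canonical) < 4 or canonical in WEAK_ANSWERS


def enrol_answer(answer: str) -> dict:
    """Store a salted PBKDF2-HMAC-SHA256 hash of the normalised answer.

    Only the salt, iteration count and derived key are kept, never the
    answer itself, so a leaked database does not reveal the secret.
    """
    if is_weak_answer(answer):
        raise ValueError("answer is too easy to guess")
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalise_answer(answer).encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "hash": digest}


def verify_answer(record: dict, attempt: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        normalise_answer(attempt).encode("utf-8"),
        record["salt"],
        record["iterations"],
    )
    return hmac.compare_digest(digest, record["hash"])


if __name__ == "__main__":
    stored = enrol_answer("Baker Street")
    print(verify_answer(stored, "  baker   STREET "))  # True
    print(verify_answer(stored, "Fleet Street"))        # False
```

The same verification path should be used for secret answers as for passwords: rate limiting and lockout policy apply equally, because a secret answer is usually lower-entropy than a password and, as the limitations below note, is often reused across services.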

Advantages

  • The user can choose information that’s easy for them to remember

Limitations

  • Users may choose information that’s easy for others to guess
  • Users might use the same question or PIN for other services
  • Users might find it hard to remember their answer and write it down, reducing security
  • Users might lose access to the service if they don’t remember the answer

Examples

  • Most authentication uses a form of secret answer