Information Security
lexstile, 2021-08-31 23:15:04

Is it worth changing the security question by entering the answer to the same question?

Tell me, please, what do you think about this.
Should I let the security question be changed by entering the answer to the same security question (limiting it to, for example, 3 attempts)?

We work with an external service where the phone number and personal data can only be changed via the security question.


2 answers
Uncle Seryozha, 2021-09-01
@lexstile

Already answered:
OWASP says there should be two-factor authentication after all, not letting the user enter an answer:
Updating Answers.
When the user updates the answers to their security questions, this should be treated as a sensitive operation within the application. As such, the user should be required to re-authenticate themselves by entering their password (or ideally using MFA), in order to prevent an attacker updating the questions if they gain temporary access to the user's account.
PS: Read the article and the comments.
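Uncle Seryozha's OWASP point, as an added Python sketch that is not from the answer, from OWASP or from any real service: the security answer can only be updated inside a short window after the user re-enters their password, and the 3-attempt limit from the question applies to both password and answer checks. The `Account` class, the 300-second window and the hash parameters are assumptions made for the example.

```python
import hashlib, hmac, os

REAUTH_WINDOW = 300   # seconds a re-entered password stays "fresh" (assumed policy value)
MAX_ATTEMPTS = 3      # the attempt limit proposed in the question

def _norm(answer):
    # Compare answers case- and whitespace-insensitively.
    return " ".join(answer.lower().split())

def _hash(secret, salt):
    # Store answers like passwords: salted slow hash, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)

class Account:
    def __init__(self, password, answer):
        self.salt = os.urandom(16)
        self.password_hash = _hash(password, self.salt)
        self.answer_hash = _hash(_norm(answer), self.salt)
        self.last_reauth = None   # time of the last successful password re-entry
        self.failed_attempts = 0  # shared counter for password and answer checks

    def _check(self, secret, expected):
        if self.failed_attempts >= MAX_ATTEMPTS:
            return False          # locked out: recovery goes through MFA or support
        if hmac.compare_digest(_hash(secret, self.salt), expected):
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        return False

    def verify_answer(self, answer):
        # Used during account recovery; same lockout as the password check.
        return self._check(_norm(answer), self.answer_hash)

    def reauthenticate(self, password, now):
        # Step-up: the user proves the password right before a sensitive change.
        if self._check(password, self.password_hash):
            self.last_reauth = now
            return True
        return False

    def update_security_answer(self, new_answer, now):
        # OWASP path: allowed only inside a fresh re-auth window, never by
        # answering the old question (the scheme the question asks about).
        if self.last_reauth is None or now - self.last_reauth > REAUTH_WINDOW:
            return False
        self.answer_hash = _hash(_norm(new_answer), self.salt)
        self.last_reauth = None   # one sensitive change per re-authentication
        return True
```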

veryoriginalnickname, 2021-08-31
@veryoriginalnickname

Now I want to change the security question because I forgot it. And then, oops, I need to answer the same question in order to change it, and there is no other way.
How do you like this trick: the number can be changed via the security question, and the security question can be changed via SMS to the number?
Or a second trick: have two security questions, and change the first question by answering the second, and vice versa.
