Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2010-09-24) Security Questions For The FIM QA Gate

Posted by Jorge on 2010-09-24


One of the coolest features in the current version of FIM 2010 is the ability to reset your own password without even contacting the service desk (helpdesk). The feature is called Self-Service Password Reset (SSPR). However, before you can reset your own password you must authenticate yourself. You can't do that the regular way (username and password), because you have just forgotten your password. Instead, FIM authenticates you by having you answer certain questions about yourself. For FIM to be able to check that you have answered those questions correctly, you first need to register your answers to them. So, with SSPR the user is authenticated by first providing the domain and username and then answering the questions that are shown and for which the answers have been registered.
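The register-then-answer flow described above, sketched as an added example (not FIM's own code and not from the original post): the `QAGate` class, the PBKDF2 work factor and the three-attempt lockout are assumptions made for illustration. Answers are normalized, kept only as salted hashes and compared in constant time.

```python
import hashlib
import hmac
import os
import unicodedata

PBKDF2_ROUNDS = 100_000   # assumed work factor for this sketch
MAX_FAILURES = 3          # assumed lockout threshold


def normalize(answer: str) -> bytes:
    """Fold case, Unicode form and whitespace so ' New  York ' matches 'new york'."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


def hash_answer(answer: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, PBKDF2_ROUNDS)


class QAGate:
    """Hypothetical question-and-answer gate keyed on (domain, username)."""

    def __init__(self):
        self._answers = {}   # account -> {question: (salt, hash)}
        self._failures = {}  # account -> consecutive failed attempts

    def register(self, account, answers: dict) -> None:
        stored = {}
        for question, answer in answers.items():
            salt = os.urandom(16)  # per-answer salt; plaintext is never kept
            stored[question] = (salt, hash_answer(answer, salt))
        self._answers[account] = stored
        self._failures[account] = 0

    def authenticate(self, account, answers: dict) -> bool:
        stored = self._answers.get(account)
        if stored is None or self._failures[account] >= MAX_FAILURES:
            return False  # unknown or locked-out account
        ok = True
        for question, (salt, expected) in stored.items():
            candidate = hash_answer(answers.get(question, ""), salt)
            # Check every answer, in constant time, before deciding.
            ok &= hmac.compare_digest(candidate, expected)
        self._failures[account] = 0 if ok else self._failures[account] + 1
        return ok
```

Normalization decides how forgiving the gate is about capitalization and spacing, while the lockout counter limits how many guesses someone working from social-network data gets.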

Given the availability of social networks on the internet (LinkedIn, Facebook, Hyves, etc.), it is almost impossible not to find at least some information about anyone. So the real difficulty for the FIM QA Gate is finding strong questions that, in general, can only be answered by the individual who also registered those questions.

The following site has an interesting list of GOOD, FAIR and POOR questions that could be used in the FIM QA Gate, or any other product that uses a similar authentication mechanism.

SOURCE: http://www.goodsecurityquestions.com/examples.htm

 

GOOD

What was your childhood nickname?

In what city did you meet your spouse/significant other?

What is the name of your favorite childhood friend?

What street did you live on in third grade?

What is your oldest sibling’s birthday month and year? (e.g., January 1900)

What is the middle name of your youngest child?

What is your oldest sibling’s middle name?

What school did you attend for sixth grade?

What was your childhood phone number including area code? (e.g., 000-000-0000)

What is your oldest cousin’s first and last name?

What was the name of your first stuffed animal?

In what city or town did your mother and father meet?

Where were you when you had your first kiss?

What is the first name of the boy or girl that you first kissed?

What was the last name of your third grade teacher?

In what city does your nearest sibling live?

What is your youngest brother’s birthday month and year? (e.g., January 1900)

What is your maternal grandmother’s maiden name?

In what city or town was your first job?

What is the name of the place your wedding reception was held?

What is the name of a college you applied to but didn’t attend?

Where were you when you first heard about 9/11?

 

FAIR

What was the name of your elementary / primary school?

What is the name of the company of your first job?

What was your favorite place to visit as a child?

What is your spouse’s mother’s maiden name?

What is the country of your ultimate dream vacation?

What is the name of your favorite childhood teacher?

To what city did you go on your honeymoon?

What time of the day were you born?

What was your dream job as a child?

What is the street number of the house you grew up in?

What is the license plate (registration) of your dad’s first car?

Who was your childhood hero?

What was the first concert you attended?

What are the last 5 digits of your credit card?

What are the last 5 of your Social Security number?

What is your current car registration number?

What are the last 5 digits of your driver’s license number?

What month and day is your anniversary? (e.g., January 2)

What is your grandmother’s first name?

What is your mother’s middle name?

What is the last name of your favorite high school teacher?

What was the make and model of your first car?

Where did you vacation last year?

What is the name of your grandmother’s dog?

What is the name, breed, and color of current pet?

What is your preferred musical genre?

In what city and country do you want to retire?

What is the name of the first undergraduate college you attended?

What was your high school mascot?

What year did you graduate from High School?

What is the name of the first school you attended?

 

POOR

What was your favorite sport in high school?

What is the name of the High School you graduated from?

What is your pet’s name?

In what year was your father born?

In what year was your mother born?

What is your mother’s (father’s) first name?

What is your mother’s maiden name?

What was the color of your first car?

What is your father’s middle name?

In what county were you born?

How many bones have you broken?

What is the first and last name of your favorite college professor?

On which wrist do you wear your watch?

What is the color of your eyes?

What is the title and artist of your favorite song?

What is the title and author of your favorite book?

What is the name, breed, and color of your favorite pet?

What is your favorite animal?

What was the last name of your favorite teacher?

What is your favorite team?

What is your favorite movie?

What is your favorite teacher’s nickname?

What is your favorite TV program?

What is your least favorite nickname?

What is your favorite sport?

What is the name of your hometown?

What is the color of your father’s eyes?

What is the color of your mother’s eyes?

What was the name of your first pet?

What sports team do you love to see lose?

In what city were you born?

What is the city, state/province, and year of your birth?

What is the name of your hometown newspaper?

What is your favorite color?

What was your hair color as a child?

What is your work address?

What is the street name your work or office is located on?

What is your address, phone number?

Make sure to also read: http://www.goodsecurityquestions.com/index.htm#insecure

 

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————

One Response to “(2010-09-24) Security Questions For The FIM QA Gate”

  1. […] questions to use within the QA gate have a look at the following blog post: (2010-09-24) Security Questions For The FIM QA Gate. Make sure the questions you use apply to your employees, their language of even […]
