usability: Verification of Challenge Question and Challenge Answer
A website I use regularly requires me to verify my contact information annually. Today, I noticed that the last question on the verification page is for my “Challenge Question” — the question/answer combo that I would need to use if I ever lost my password.
Here’s a small screenshot showing this question (click it to see a larger screenshot with more context):

As you can see, it shows the question that I chose to use, but for the answer it shows “xxxxxxxxxxxxxxxxxx”, and says “Your challenge answer has been hidden for security reasons.” Then, it asks me to check a box saying “Yes, the information above is correct.” How can I confirm that my challenge answer is correct, if I can’t see it? The number of x’s does not even correspond to the number of characters in my first pet’s name.
While I appreciate that they do not display this relatively-sensitive information (since it’s almost like a password), I feel like it’s silly to ask me to verify something that I can’t see. I refused to accept that the answer was correct, and went ahead and selected/entered a new Challenge Question/Challenge Answer combination.


July 1st, 2008 at 9:37 pm
My favorite is the word verifications to foil bots that I can’t read. The secret question is important for my PayPal account since they have such crazy rules for passwords that I can never remember mine. So I can see how hiding this data is important. : )
July 1st, 2008 at 11:48 pm
Have you ever seen the dog/cat verification that is used to determine if you are human? It’s neat – they use pictures from PetFinder, so at the same time they are blocking spam they are also advertising animals that need a home.
http://research.microsoft.com/asirra/
July 7th, 2008 at 4:13 pm
In regards to the cat/dog verification, what if you do want to adopt that random picture, and you’re in Virginia, and the cat or dog is in California? How does that work?
Oh, I see how it works in the FAQ:
“What’s the point of displaying a pet that’s up for adoption 3,000 miles away?
Asirra is currently in beta-testing. The production version will do geolocation based on client IP address, showing users pets that are nearby. (If more than a few challenges are failed per day by the same IP address, we will fall back to using the entire image database, as a security precaution.)”