[Tfug] Authentication procedures

Bexley Hall bexley401 at yahoo.com
Tue Mar 17 11:47:31 MST 2009


Hi,

Given: that most people aren't computer literate;
And: that most people have to remember dozens of
different passwords;
And: that most "backup" authentication mechanisms
rely on "personal knowledge" (that you have of yourself)
that many people *also* have about you;

What is a realistic scheme for handling "lost passwords"?

E.g., I helped a friend recover a lost password for a
gmail account.  The process was laughable!

The standard "security questions" they ask can easily
be forged by anyone who knows the individual well enough.
E.g., "What's your birthday?"  (wow!  I'm sure NO ONE
knows *that*!!)  "Who is your favorite artist?"
(gee, if it's my favorite artist, chances are I am
listening to them pretty often.  And, those around me
are sure to pick up on my apparent preference for
this artist even if I *don't* explicitly confirm
them to be my favorite!)  "What's the name of your pet?"

<frown>

So, the only realistic way to use these questions is
to provide answers that are just as "random appearing"
as your password is supposed to be, in the first place!
(wanna bet most folks don't do that?)

Likewise, mailing the person's password to their
"secondary email address" just gives a hacker (thief)
a way of leveraging the gain of one email address
to gather passwords for any *other* addresses that
use the first address as the "alternate".

GMail also has a way for folks to "beg for help" when
all else fails -- but, it requires the user to remember,
off the top of their head, several email addresses
that they commonly use ON THAT ACCOUNT!  I suspect
most folks don't remember four frequently used email
addresses, let alone the names of four people that
they "frequently email" (where "frequently" is defined
by GMail in some imprecise manner).  I.e., you need
access to your email account to *see* those addresses.

(I probably remember three email addresses, total.
The rest I rely on my address book to track -- or,
just re-reply to an old message lingering in my inbox.)

So, given that most people don't properly use passwords,
what makes sense as a scheme to give them a backdoor?

I think, in lieu of security questions, there should
just be a "super secret password" that they never use
(except when they have forgotten their original
password).  And, that the recovery process should
be reasonably painful so they don't rely on it often
(a super secret password that is frequently used is
just as vulnerable to theft, etc.).  Finally, the
super secret password should change with each use
(without the control of the user!) so that it has
to be recorded someplace "safe".

Of course, there's no guarantee that they'll actually
follow any of these procedures.  But, it seems to me
that the procedures in place at, e.g., gmail, are
really pretty silly/ineffective.

(I've never had to try to recover a yahoo password;
perhaps I should try that.  For the most part, I
treat my yahoo, etc. accounts as disposable.)

Comments?
--don
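The "super secret password" scheme sketched above (a recovery secret that is never used day to day, is stored somewhere safe, and is replaced with a fresh one every time it is redeemed) is, in effect, a one-time recovery code. The following is an added illustration written for this page; it is not code from the original post, from GMail or from Yahoo, and every design detail in it is an assumption chosen to make the scheme concrete: a 31-character alphabet without the easily confused 0/O and 1/l/i glyphs, PBKDF2-SHA256 as the slow hash so a stolen account database does not hand over the codes in clear, a lockout after five wrong guesses to make the recovery path deliberately "painful", and automatic rotation of the code on every successful use so the user never gets to pick or reuse it.

```python
"""One-time account-recovery code store (illustrative, hypothetical design).

Assumed policy, not taken from any real provider:
  * 20 random characters from a 31-symbol alphabet (~99 bits of entropy)
  * only a salted PBKDF2 digest of the code is stored, never the code itself
  * 5 wrong guesses lock recovery for an hour
  * a successful redemption burns the code and issues a new one the user
    did not choose, so it has to be written down again somewhere safe
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Lower-case letters minus i/l/o, digits minus 0/1: fewer transcription errors
# when the code is read back from a piece of paper.  len() == 31.
CODE_ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"
PBKDF2_ROUNDS = 100_000  # assumed work factor; tune to the server's budget


def generate_code(n_groups: int = 4, group_len: int = 5) -> str:
    """Return a fresh random code such as 'k7mq2-vx4cd-9r2tn-p5hwa'."""
    groups = [
        "".join(secrets.choice(CODE_ALPHABET) for _ in range(group_len))
        for _ in range(n_groups)
    ]
    return "-".join(groups)


def normalize(code: str) -> str:
    """Accept what a human typed: ignore case, dashes and spaces."""
    return code.replace("-", "").replace(" ", "").lower()


def hash_code(code: str, salt: bytes) -> bytes:
    """Slow, salted digest so an offline attacker cannot cheaply brute-force
    a leaked table of recovery-code hashes."""
    return hashlib.pbkdf2_hmac("sha256", normalize(code).encode(), salt, PBKDF2_ROUNDS)


@dataclass
class RecoveryState:
    salt: bytes
    digest: bytes
    failures: int = 0
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class RecoveryStore:
    MAX_FAILURES = 5          # assumed: guesses allowed before lockout
    LOCKOUT_SECONDS = 3600    # assumed: lockout length

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable for testing
        self._states: dict[str, RecoveryState] = {}

    def issue(self, user: str) -> str:
        """Create a new code for `user`, store only its hash, return the
        clear-text code exactly once so the user can record it."""
        code = generate_code()
        salt = secrets.token_bytes(16)
        self._states[user] = RecoveryState(salt=salt, digest=hash_code(code, salt))
        return code

    def redeem(self, user: str, candidate: str):
        """Return a replacement code if `candidate` is the current code for
        `user`, otherwise None.  A correct code is consumed on success; wrong
        guesses are counted and eventually lock the recovery path."""
        st = self._states.get(user)
        if st is None:
            return None
        now = self._clock()
        if now < st.locked_until:
            return None  # locked out: even the right code is refused
        if hmac.compare_digest(hash_code(candidate, st.salt), st.digest):
            # Success: the old code is dead, the user gets a new one they
            # did not pick and must write down again.
            return self.issue(user)
        st.failures += 1
        if st.failures >= self.MAX_FAILURES:
            st.locked_until = now + self.LOCKOUT_SECONDS
            st.failures = 0
        return None


if __name__ == "__main__":
    store = RecoveryStore()
    first = store.issue("alice")
    print("write this down:", first)
    print("redeemed, new code:", store.redeem("alice", first))
    print("old code again:", store.redeem("alice", first))
```

The two properties the post asks for fall out of `redeem`: the code cannot be "frequently used" because each use replaces it, and because the replacement comes from `secrets` rather than the user, it cannot be a birthday or a pet's name. What the code cannot fix is the last point of the post: whether the user actually records the new code somewhere safe is outside the server's control.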

