Not hot
A warm malty bedtime drink
Day of the week
The opposite of red
(Answers on the next page)
If we can rely on one other certainty in this world other than death and taxes, it is forgotten passwords. It's an ailment that affects us all, and we all have our own ways of dealing with it. Some of us stick to a single password that we use everywhere - whether it's a pet's name, a memorable date or the make of our monitor. Some of us use one password for each service we access, and then promptly forget each and every one. Some of have thrust upon us by (rightly) paranoid system admins very safe, very convoluted passwords that we promptly write down on a post-it note and stick to our monitors. A few very peculiar souls actually make up their own very safe, very convoluted passwords (over eight characters with non-alpha characters please) that they actually remember them, but I'm not convinced that these people actually exist.
The problem with passwords is that they are so essential but so susceptible to human nature -- which, as someone once said, cannot be slandered; it is worse than words can paint it. Passwords have an uncommon ability to draw out from the most successful, sensible and intelligent individual, an idle Neanderthal with the memory of a lobotomised goldfish. They make us stupid, but we should all by now have come to expect and accept that.
We ignore this fact at our risk, as did B&Q when it designed its e-commerce Web site at diy.com. Now B&Q is a huge home improvement store with over 100 warehouses. Its parent company Kingfisher conducted over £6bn in sales during 2002. It has a very impressive Web site from which you can order everything including the kitchen sink.
But, of course, you have to log in with a username and password to do so. Now B&Q customers, like the rest of us, forget their passwords -- a fact that B&Q obviously accepted and attempted to deal with by offering a password reminder.
This is where it all went wrong. There are several ways of dealing with password reminders: one is to email the password, once the correct answer to the password has been entered, back to the customer using the email address they entered when first registering. Emailing the password in this way is commonly accepted as good practice.
Some sites offer a set of fixed password reminder questions, and then display the password on screen. This is not such good practice, because the prompts are often for information that a determined and skilled social engineer could discover surprisingly easily.
B&Q went one step further.
Talkback
Hi Matt,
Question for you... I bought a laptop for my son for college/ this years x-mas gift, anyway I was wondering since it is a college and someone might try to steal it is there a chip that can be put in the laptop so when the person who steals it can get caught like through the internet? I am trying to find out through online security sites but not knowing anything about computers thought I would ask you. I just would hate to see all the money they rob you for for a laptop if I can find it if someone steals it. Any or all info. you could provide would be greatly appreciated.
lgibbs0415@aol.com Thanks again Linda