Vol 7» 2007.May

Failing Stupid

When a user cannot remember their password, likely because they have too many passwords to remember or the password was forced to be too complex for them to remember, many authentication systems provide a mechanism that the author has termed "failing stupid."

When the user "fails stupid," they are asked a reminder question which is usually extremely easy for them to answer. If answered correctly, users are presented with an option to reset their password, have it e-mailed to them, or perform some other password recovery method. When this type of recovery method is available, it effectively reduces the security of the authentication system from the strength of the password to the strength of a simple question, because whoever can answer the question gets the same access as whoever knows the password. The answer to this question might even be obtainable through public information.
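The downgrade described above can be made concrete by comparing the two paths into the account, and it can be limited by treating the reminder answer as a second low-grade secret rather than as a skeleton key. The following is an added example, not code from the article or from any product it describes. The answer-space sizes and password alphabet are constructed estimates, and the RecoveryFlow class is an assumed design that hashes the answer with a salt, compares it in constant time, caps the number of attempts, and then requires a single-use, time-limited token (which would be delivered out of band, for instance to the registered mailbox) before the password changes. It never returns the password itself.

```python
import hashlib
import hmac
import math
import os
import secrets

# Constructed estimates of how many plausible answers a reminder question has.
# These are illustrative assumptions, not figures from the article.
ANSWER_SPACE = {
    "favourite colour": 20,
    "city of birth": 10_000,
    "mother's maiden name": 100_000,
}
PASSWORD_SPACE = 62 ** 10  # 10 random alphanumerics, roughly 59.5 bits


def entropy_bits(space_size: int) -> float:
    """Bits of entropy for a secret chosen uniformly from a space of this size."""
    return math.log2(space_size)


def effective_bits(password_space: int, answer_space: int) -> float:
    """Strength of an account whose password can be bypassed by answering a
    reminder question: the weaker of the two paths decides."""
    return min(entropy_bits(password_space), entropy_bits(answer_space))


class RecoveryFlow:
    """Recovery that treats the reminder answer like a password and still
    requires the holder of a one-time token to finish the reset (assumed design)."""

    ITERATIONS = 50_000

    def __init__(self, answer: str, max_attempts: int = 5, token_ttl: int = 900):
        self.salt = os.urandom(16)
        self.answer_hash = self._hash(answer)
        self.attempts = 0
        self.max_attempts = max_attempts
        self.token_ttl = token_ttl
        self.pending = None  # (reset_token, expiry) once the question is answered
        self.password = None

    def _hash(self, answer: str) -> bytes:
        # Normalise whitespace and case so "Smith " and "smith" match, then
        # stretch with PBKDF2 so a leaked database does not expose the answer.
        norm = " ".join(answer.lower().split()).encode()
        return hashlib.pbkdf2_hmac("sha256", norm, self.salt, self.ITERATIONS)

    def answer_question(self, answer: str, now: float):
        """Return a one-time reset token to be delivered out of band, or None.
        The password itself is never returned or e-mailed."""
        if self.attempts >= self.max_attempts:
            return None  # locked: caps online guessing of a low-entropy answer
        self.attempts += 1
        if not hmac.compare_digest(self._hash(answer), self.answer_hash):
            return None
        token = secrets.token_urlsafe(32)
        self.pending = (token, now + self.token_ttl)
        return token

    def reset_password(self, token: str, new_password: str, now: float) -> bool:
        """Complete the reset only with a live, unused token."""
        if self.pending is None:
            return False
        stored, expiry = self.pending
        self.pending = None  # single use, whether or not this call succeeds
        if now > expiry or not hmac.compare_digest(stored, token):
            return False
        self.password = new_password
        return True


if __name__ == "__main__":
    for question, space in ANSWER_SPACE.items():
        print(f"{question:22s} {effective_bits(PASSWORD_SPACE, space):5.1f} effective bits")
    flow = RecoveryFlow("Smith", max_attempts=3)
    token = flow.answer_question("smith", now=0.0)
    print("reset ok:", flow.reset_password(token, "correct horse", now=10.0))
```

The effective_bits figures show the point of the article: with a "favourite colour" question, a ten-character random password protects the account no better than a secret with about 4.3 bits of entropy. The flow does not raise the entropy of the answer; it only bounds how far the downgrade goes, by making answers expensive to guess online and by refusing to hand over anything more than a short-lived token.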