No favourites – part two

A visitor to my blog commented on the post “No favourites” saying that her solution to the problem of being asked multiple security questions (none of which might apply) is to use a single word as the answer to all such questions.

So no matter whether they ask what your favourite movie is, or what your least favourite infectious disease is, or who you would most like to come back as if reincarnation were possible and you were run over by split-level sheep transporter, your answer might be “Rumplestiltskin”.

As with many elegant solutions, it is very simple.

Of course, the effect is to reduce all security questions down to one:

“What is your backup password?”

That’s right, all that time trying to come up with clever questions… wasted.

I’m not convinced that asking a bunch of questions to which the user might not be able to relate (or the answers to which might change over time) is the best solution, especially if it leads users to effectively using a backup password.

It makes me wonder whether the requirement was expressed along the following lines:

When a user forgets their password and has to ask for a reminder, we need to be able to ask security questions.

A poor requirements analyst would simply document the requirement as stated, then ask what the security questions should be and hand over the requirement and the list of questions to a developer. I call such people “requirements stenographers” and they are about as useful as a tape recorder but a lot more expensive. Chances are that a developer will simply build what was asked for, rather than questioning the requriement, especially if development is being done off-shore. GIGO.

An analyst, on the other hand, always asks why and by encouraging and helping the customer to find the right words to explain why, something along the following lines might be discovered and documented:

When a user forgets their password and has to ask for a reminder, we need to confirm the identity of the user.

Thus, a good analyst drives down to the real business need and expresses that need in a way that allows the maximum flexibility in producing both business and technical solutions.

4 comments to No favourites – part two

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>