Skip to content

Commit

Permalink
chore: Fix a typo (missing white space between sentences) (#1090)
Browse files Browse the repository at this point in the history 
* chore: Fix a typo (missing white space between sentences)

'Both methods are prone to insecurities.Ideally, security questions should generate'

--- Missing a white space between 'insecurities' and 'Ideally.' This commit adds the missing white space.
  • Loading branch information
@soobinrho
soobinrho authored Aug 8, 2023
1 parent becf921 commit 1aac919
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions ...sting/04-Authentication_Testing/08-Testing_for_Weak_Security_Question_Answer.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,8 @@

Often called "secret" questions and answers, security questions and answers are often used to recover forgotten passwords (see [Testing for weak password change or reset functionalities](09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md), or as extra security on top of the password.

They are typically generated upon account creation and require the user to select from some pre-generated questions and supply an appropriate answer. They may allow the user to generate their own question and answer pairs. Both methods are prone to insecurities.Ideally, security questions should generate answers that are only known by the user, and not guessable or discoverable by anybody else. This is harder than it sounds.
Security questions and answers rely on the secrecy of the answer. Questions and answers should be chosen so that the answers are only known by the account holder. However, although a lot of answers may not be publicly known, most of the questions that websites implement promote answers that are pseudo-private.
They are typically generated upon account creation and require the user to select from some pre-generated questions and supply an appropriate answer. They may allow the user to generate their own question and answer pairs. Both methods are prone to insecurities. Ideally, security questions should generate answers that are only known by the user, and not guessable or discoverable by anybody else. This is harder than it sounds.
Security questions and answers rely on the secrecy of the answer. Questions and answers should be chosen so that the answers are only known by the account holder. However, although a lot of answers may not be publicly known, most of the questions that sites implement promote answers that are pseudo-private.

### Pre-generated Questions

Expand Down

0 comments on commit 1aac919

Please sign in to comment.