Failing Stupid
Users today are tasked with remembering so many unique passwords that it’s almost standard now for authentication systems (especially on the web) to provide a ‘fail stupid’ method of recovering a password.
Bypassing the (hopefully) adequate authentication system, a user can generally reset a password or have it sent to them by answering a pre-chosen, easy question, such as:
- What is your mother’s maiden name?
- What is your favorite color?
- What is/was your high-school mascot?
These types of questions are ripe targets for a user-context attack, since the answers may be easily researchable via public information.