Electronic security is a paramount concern in today's highly connected society. Nearly everything about a consumer is being captured daily and private information about the consumer is stored on a variety of online-accessible services.
Hardly a day goes by without one hearing about some online system being hacked and consumer information being exposed.
Most authentication to these online systems still uses a basic user identifier and password combination. Some even still store the passwords of the users, rather than using a hashing technique to store a key that is derived from the consumer-selected password, which makes these types of online systems even more vulnerable to hacking.
Many online systems have moved to a user identifier and password combination supplemented with one or more challenge questions, to accomplish a multifactor approach in attempts to thwart hacking. However, users often cannot even remember the answers they provided for the questions they selected, which frustrates the users and results in the users having to reset their passwords. Moreover, these approaches are static, meaning that the consumer selects from a list of available questions pre-determined by the online system and the consumer provides answers to the selected questions. These answers are stored on the online system site, and many online systems use the same types of questions, which means that if one online system is hacked, the user can be vulnerable on another online system. Still further, the answers to these static questions are often very easy for a hacker to guess. In short, these approaches used in the industry are repeatable from system to system, easy to guess, and stored within the systems (making these approaches less than ideal).