I have been thinking about this problem for a while now and I thought I would write (type?) down my thoughts.

If you have ever registered with a site and forgotten your password, you will know that most, if not all, sites have a “Forgotten Password” link to reset your password. I find this the most insecure way of allowing users to get into their account. Most sites ask you for an answer to a question that is easy to remember. For example, the infamous “What is your mother’s maiden name?” How is this in any way secure? How many people know or can find out my mother’s maiden name? Or even anything simple like my first school or my pet’s name?

Passwords are outdated and are only useful in the simplest of ways. New methods need to be brought into the mainstream as soon as possible. RSA keys, digital certificates, anything is better than standard passwords.

Remember, security is only as strong as the weakest link. Having a 20-character password consisting of numbers, upper and lower case letters and symbols is meaningless if the holder of the password will give it away for nothing more than the answer to a simple question.

UPDATE:

It's happened! The forgotten password link was the problem. Read here!