LabR Learning Resources

Design Thinking, Agile and Lean Six Sigma

During a recent presentation, I was asked how I thought Agile changed the landscape when it comes to Lean Six Sigma. It’s a good question that bears some examination. But maybe not a lot, since they are not competing, but rather complementary methodologies.

So, first, why do we use Lean Six Sigma (LSS)? LSS is great when we have an opportunity for improvement, and we need to identify the root causes and develop solutions addressing the opportunity. Basically, LSS, or specifically DMAIC, is a problem solving methodology where we Define the problem, validate the existence of the problem by Measuring it in data, determine the root causes for the problem through Analysis (Analyze), identify the possible solutions, and then narrow that list down to what will be implemented (Improve) and then validate the solution had the desired effect (Control).

But, what do we do if we don’t know the problem? In some cases we know a problem exists, but we can’t quite “put our finger on it”. Everyone agrees something is wrong. This is where Design Thinking is useful. Design Thinking brings a team of people together to use a creative process to clarify the problem. We can think of DMAIC following the scientific method, where we establish a hypothesis and then evaluate it. With Design Thinking, a more creative process is followed to identify the problem and then approach solutions.

In those situations where we have a problem, and it has never been encountered before or we have no current method to handle it, then we can use Design for Six Sigma (DFSS). Using this approach, we start with nothing, and work through the solution using the DMADV process. DMADV stands for Define, Measure, Analyze, Design and Verify. The overlap with DMAIC should be obvious.

When we are starting with a challenge problem which is related to an existing process, we can use DMAIC to clarify the problem, determine the causes, and select and implement the best solution.

But where does Agile fit into this? Agile, from a software development approach, wouldn’t be used until the project team has decided on a solution to the problem, where the solution involves some form of software development. Once the solution has been selected, we can write the user stories, have the development team sprint to complete the development of those user stories to implement the solution. When IT has completed the development, the solution can be implemented and we can verify the impact of the solution.

The analogy I heard used to describe how these approaches work together is that of a rope. If we consider Design Thinking, DMAIC, DMADV, Agile and other methodologies like DevOps to be the individual threads, when you weave them together, the “rope” is strong, and allows you to select the best elements from each to quickly identify, clarify and solve the unique problem you are working on.

Posted in Lean Six Sigma, Technology

Multiple Intelligence Theory

Howard Earl Gardner first proposed his theory of Multiple Intelligence or MI Theory in 1983. MI Theory proposes seven primary forms of intelligence, instead of a single intelligence. These are Visual-spatial, Bodily-kinesthetic, Musical, Interpersonal, Intrapersonal, Linguistic, Logical-mathematical, and Naturalistic. The theory allows the educational community to adapt the teaching processes to fit the individual student’s intelligence.

The theory is supported in the education community, partly because it emphasizes the student-centric model of teaching. It has assisted educators in questioning their approaches, or evaluating the activities and strategies they use, and selecting alternatives which are outside the recognized approaches. MI theory itself is not an educational tool; that is to say, it is not, on its own, an educational goal. Rather, the theory promotes different assessment strategies that are not limited to standard tests.

Before we discuss the intelligences, we need to mention there is limited support for the theory. For example, the psychology community doesn’t support the theory as it cannot be measured using standardized tests, nor is there any valid measurement tool. The criteria to determine if something should be categorized as an “intelligence” vary from case to case, and are difficult to uniformly apply, further hampering the development of any consistent measurement tool. Additionally, critics of the theory who believe that intelligence can only be measured through an IQ test will always challenge this theory.

Despite the potential benefits to the educator and the student, Gardner never fully considered the implications for educators. MI Theory is primarily focused on child development, but applicable to all ages. It emphasizes that students think and learn in many different ways, not just one way. This in itself is not new, as other research has identified various learning modalities, auditory, visual and kinesthetic, as key to the learning process. However, the emphasis on creating learning situations which are specific to the intelligence involved is also not unique. Gardner’s theory promotes presenting the information to the students in a manner which is relevant to their intelligence factor(s), known as individualization, and presenting the key learning points in multiple ways, known as pluralization.

The intelligences proposed by Gardner in MI theory are:

  • Visual-spatial – addressing this intelligence requires the teacher to include various tools like models, graphics, photographs, and multimedia.
  • Bodily-kinesthetic – the teacher needs to use real objects, physical activity, acting, role-plays and hands-on-learning.
  • Musical – Students learn through activities like turning lessons into lyrics, tapping out rhythms, musical instruments and multimedia.
  • Interpersonal – Accommodating this intelligence requires teachers to include group activities, seminars, audio and video conferencing, and support from the instructor.
  • Intrapersonal – these students are very in tune with their inner feelings, are intuitive and motivated. They can be taught through independent studies, diaries, books, and time.
  • Linguistic – these students are very good with words. They can learn through auditory activities, reading, multimedia, tapes and lectures.
  • Logical-mathematical – these are the conceptual thinkers challenged by puzzles, patterns and experiments. Logic games, and investigations are good ways for them to learn.
  • Naturalistic – these students interact highly with and are curious about the natural world. They can learn through hands-on-learning such as experiments and field trips, multimedia and reading.

Taking advantage of the multiple intelligences requires the teacher to try different strategies. The teacher or instructor assists the student in identifying and encouraging the use of their specific intelligence preferences. The instructor should structure the content and presentation to appeal to different intelligences and cover as many of them as possible in the learning activity. Assessments should also cover a wide range of intelligences.

With a range of intelligences to consider, teachers can more easily consider different ways to teach the material to engage the different intelligence preferences. However, the teacher needs to emphasize all seven intelligences in the learning process and not focus only on the linguistic and logical-mathematical.

From the instructor’s perspective, MI Theory offers several strategies.

  • Lesson Design, where multiple intelligences are incorporated into the learning activity.
  • Assessments can be tailored to the student, possibly even the students designing the assessment strategy with the teacher.
  • Students can work on complex projects.
  • Apprenticeships, where appropriate can help students master a set of complex skills.
  • Using multimedia engages various intelligences
  • Implementing presentation strategies using multimedia

If you want more information on MI Theory, you can check out these references.

Gardner, H. (2003). Multiple Intelligences after Twenty Years, 1–15.

Gardner, H. (2004). Notes for Scientific American, 1–12.

Gardner’s Multiple Intelligences. (n.d.). Gardner’s Multiple Intelligences. Mind Tools. Retrieved February 12, 2013, from

Guigon, A. (2010). Howard Gardner’s Multiple Intelligences: A Theory for Everyone. Education World. Retrieved February 18, 2013, from

Multiple Intelligences. (n.d.). Multiple Intelligences. Theory Into Practice. Retrieved January 19, 2013, from

Multiple Intelligences. (n.d.). Multiple Intelligences. The Education Coalition. Retrieved February 18, 2013, from

Smith, M. K. (2008). howard gardner, multiple intelligences and education. Infed. Retrieved February 10, 2013, from

Posted in Adult Education, Education

Improving Group Collaboration in the Online Learning Environment

We have released our second book to the Apple iBooks store. This book, “Improving Group Collaboration in the Online Learning Environment”, is work done in one of my Masters of Information Technology in Courses courses.

From the book abstract:
Collaborative group projects in the online learning environment pose different challenges than collaborative group projects in a traditional classroom environment. Apart from the collaborative technologies used, other factors affect the success of the effort including cohesiveness, coordination, group size and the assigned task. However, the selection of the appropriate technology affects the success of the group as the technology can either inhibit or enhance the collaborative process and the success of the endeavor.

Posted in Education, Technology

What is Human Computer Interaction?

This video, which is about 5 years old, is a good way to understand what HCI is and why it is important.

Posted in Human Computer Interaction, Technology

PAEI Update

The PAEI is operating again. We did a number of updates over the last couple of days, including fixing some code which was causing intermittent problems for people. We also added a new feature, where you can now search for a previous assessment. If you know the email address you used, or the assessment number, just fill out the form with either of those values, and your assessment is retrieved. If you enter just your email address, then a list of your previous assessments is retrieved.

You can also enter your name and email address to perform a search. Both values must match to get a list of your assessments.

Thanks for visiting our site! If you like it, please let your friends know. Almost 10,000 people have taken the PAEI online inventory!

Posted in Adult Education


The Online Philosophy of Adult Education is still here.  We are performing a migration of the site, and some things are not done yet.  The visuals/images in the HTML portions of the PAEI are not displaying correctly.  There also appears to be an intermittent problem with the generated report not being sent via email.

We are working to address these issues as we work through the migration.

Thanks for using the PAEI.

Posted in Adult Education

Schema Theory

The term schema means an organization and orienting attitude that involves active organization of past experiences. Here is a humorous explanation of schema theory from the perspective of a discussion with a fictional 14-year-old nephew after he read something about schema theory.

Well, if he is reading magazines that discuss schema theory, then he is clearly reading things that his peers are not 🙂  (Clearly, Hot Rod magazine would not likely be discussing schema theory!)  So, fund his college education!

“Well Nephew, have you ever wondered why you can remember how to greet someone you have never met before? Well, your parents started that process by teaching you to say things like ‘Hello, how are you’, or ‘It’s nice to meet you’. When you meet new people in other places, like school, work or social settings, how would you greet them? Well, you will likely remember what your parents taught you. This is an example of schema. You learned how to greet someone, and your brain saved that information. When you meet someone, your brain realizes that you have the information on how to greet them, and your brain recalls that information. That is an example of a schema: the process or method of greeting someone. When you can do it almost without thinking about it, it becomes what is called an automated schema.”

“But how do we get them Uncle Chris?”

“We learn schemas in lots of different ways. When we read new information, our brain is figuring out how to best store that information and relate it to information we already know. We can learn things that define how we behave in various situations, like the one I just mentioned. Our parents, friends, teachers, books, magazines, almost anything we interact with can provide the start of a new schema or make one we already have better.”

“Okay, I get it. Because we are even talking about this, you are helping me to build a schema. Maybe I can explain this to someone someday. So, why do we need schemas? How do they help us?”

“Those are good questions Nephew. Schemas are important to learning. When we need to learn something new, like why is the sky blue during the day and black at night, we can rely upon something simple like the sky is blue when the sun is out and black when the sun is not. That is acceptable for a lot of people we meet every day. But that isn’t enough to answer the question for a scientist. They need to understand the reasons why the sky is blue because that information can be used in other problems the scientist deals with.

We would call that basic explanation a generalization, or a pretty basic schema. As we learn information in our science classes, we will start to modify or expand upon that basic schema until we know what we need to know to answer the question. That means different people can have more developed schemas on the same topic. That is why you know more about cars than I do, and why I know the reason why the sky is blue and you don’t, yet.

Your teachers present information to you in certain ways because they are helping you to build an understanding about a topic, and therefore develop the schema for that topic.  Then, when you need to recall it, or be able to use it in different situations, you can.  Does that help?”

“Thanks Uncle, that helped a lot.  I am going to go back to my reading now.”


Posted in Education

Cognitive Information Processing and Memory

As a learning theory, Behaviorism dominated American psychology for half a century, but it suffered from not being able to describe the challenges associated with information recall.  Cognitive Information Processing (CIP) was not new to psychology, but its use as a learning theory allows us to address issues that behaviorism cannot.

The cognitive information processing model portrays the mind as possessing a structure consisting of components for processing (storing, retrieving, transforming, using) information and procedures for using the components. Like behaviorism, the cognitive information processing model holds that learning consists partially of the formation of associations between new and stored information.

In the CIP model, learning occurs when information is input from the environment, processed, stored in memory, and then output in the form of some learned capability.  The question is to understand how the environment modifies human behavior, bearing in mind there is an intervening variable between the environment and the subsequent behavior; specifically, the information processing system of the learner.

CIP proposes a three-stage memory system: sensory memory, short-term memory, and long-term memory.

Sensory Memory

Sensory memory is associated with the senses including vision, hearing, touch (haptics) etc. Sensory memory functions to hold this sensory information in memory very briefly, just long enough for the information to be processed further. There is a separate sensory memory corresponding with each of the five senses, but all are assumed to operate in essentially the same way.

When dealing with visual stimuli, it appears sensory memory is temporally, rather than visually, limited. That means that a great deal of visual information registers, but it decays very rapidly without further processing. Relatively little information is known about sensory memories corresponding to the other senses, but they are presumed to function in a similar way. Visual information is called Icon.

Unlike visual information, auditory information remains in sensory memory longer.  This is presumed to be because of the time it takes for speech processing to occur.  Auditory information is known as Echo.

Working or Short-term Memory

In this memory, further processing is carried out to make the information ready for either long-term storage or response and action at that time. Working memory is generally thought to have independent processors for each sensory module. Additionally, working memory has been likened to consciousness. If you are actively thinking about ideas, they are in working memory. One important aspect of working memory is the relatively small amount of information it can contain and the short period of time it is available, typically 15 to 30 seconds. (Have you ever wondered why you can walk from one room to another and forget why you went to the other room?) This limited storage and short access time leads to practices like chunking to break complex tasks into simpler ones which can be more easily processed through sensory and working memory.

Information selected for further processing comes from sensory memory to working memory.  At this stage, concepts from long-term memory will be activated for use in making sense of the incoming information.  However, there are limits as to how much information can be held in working memory at one time, and for how long that information can be retained.  It is believed that working memory capacity can be increased through creating smaller bits of information to process, which are known as chunks.  The process of creating chunks is known as chunking.

Consequently, learning should be organized to allow activities to be easily chunked by the learner. The current hypothesis is that as new chunks come into memory, they push out chunks that were previously occupying the available spaces in working memory. This is the now accepted explanation for the serial position effect known as recency. This is why people can remember with a higher degree of certainty the things that they heard most recently.

Research has shown that unrehearsed information, that is information which has not been selected for additional processing or storage into long term memory, will be lost from working memory in about 15 to 30 seconds.  To prevent the loss of information from working memory and to ensure its transfer to long-term storage, two processes are necessary: rehearsal and encoding.

Long-term Memory
We consider long term memory as the permanent record, or information storehouse.  It is currently assumed that once information has been processed into long term memory, it is never truly lost.  As far as we know, long-term memory is capable of retaining an unlimited amount and variety of information.  However, we forget things not because the information is lost, but only because the association or pathway to the information has deteriorated.

Episodic memory is memory for specific events, such as when you remember the circumstances surrounding how you learned to read a weather map, or perform some other task. Semantic memory refers to all the general information stored in memory that can be recalled independently of how it was learned. Sometimes we may not be able to remember how we learned something, because the circumstances surrounding the event were not particularly memorable. As far as educators are concerned, the emphasis is on semantic memory.

Representation of Information Storage as a Network
One way to conceive of long-term memory is to think of it as a sort of mental dictionary where concepts are represented according to their associations to one another.  A network model assumes the existence of nodes in memory, which correspond to concepts.  These nodes are thought to be interconnected in a vast network structure, representing the learned relationships among concepts.

Feature Comparison Models of Long-term Memory
In this model, concepts and memory are stored with sets of defining features. The association to other concepts is then accomplished through a comparison of overlapping features. The defining features are those an object must have in order for it to be classified in a category. Characteristic features are those that are usually associated with typical members of the category. One challenge with the feature comparison model is that it does not take into account the issue of context as it relates to a specific concept.

Attention and Memory
Invariably some information is lost due to the excuse that the individual was not paying attention. Attention has been conceptualized in a number of ways. Attention is not an all or none proposition. Rather it serves to attenuate, or tune out, stimulation. We can see examples of this such as when we are attending a party and are involved in one conversation, and hear our name or a topic of interest elsewhere and our attention shifts. This means enough information was being processed about the other conversation to prompt us to react.

Ongoing research regarding attention speculates it is a resource with limited capacity to be allocated and shared among competing activities. This suggests learners have some control over the process, and can selectively focus attention to meet certain ends. This also suggests the tasks that require relatively little attention may be accomplished effortlessly or automatically.

Propositional Models of Long-term Memory
A proposition is a combination of concepts that have a subject and a predicate. In this model, instead of concept nodes comprising the basic unit of knowledge, the basic unit is now set to be the proposition. Because memory recalls are often structured around propositions, propositions have been used for many recall experiments.
The propositional model is also a network model, like the Representation model we saw earlier.

Parallel Distributed Processing Models of Long-term Memory
Parallel processing is distinguished from serial processing in that multiple cognitive operations occur simultaneously as opposed to sequentially.  Network memory models have come to include the assumption of parallel processing, but this assumption is at the very core of this model.  This model is also known as a connectionist model.

The model proposes that the building blocks of memory are in fact connections. These connections are sub-symbolic in nature, which means they do not correspond to meaningful bits of information, like concepts or propositions. Instead the units are simple processing devices and connections describe how the units interact with each other.  Consequently, this forms a vast network, across which processing is assumed to be distributed.  The parallel distributed processing model seems to account for the incremental nature of human learning.
This model also allows for incorporating goals into the dynamics of the information processing system.  There has been limited evidence supporting the parallel distributed processing model as a mirror of neural processes in the brain.

Dual Code Models of Long-term Memory
Imagery is often called “images in my mind”.  Imagery could be tactile, auditory, visual or others such as olfactory or kinesthetic in nature.  There are challenges in memory with words that are more abstract in nature than words that are more concrete. For example people find it much easier to remember words like sailboat, apple, and zebra rather than words like liberty and justice.

According to the dual code or dual systems view, there are two systems of memory representation, one for verbal information and the other for nonverbal information. The theory currently suggests that mental images are not exact copies of visual images.  Images tend to be imprecise representations, with many details omitted, incomplete, or in some cases accurately recorded.

Retrieval of Learned Information
After information has been stored in long-term memory, it needs to be recalled for later use.  Previously learned information is brought back into working memory, either for the purpose of understanding some new input or for  making a response.  To recall information, learners must both generate an answer and then determine whether it correctly answers the question.  In recognition, however, potential answers are already generated, and the learner must only recognize which one is correct.

In free recall situations, learners must retrieve previously stored information with no clues or hints to help them remember.  Because there are no cues to potentially bias the retrieval of information, the theory is that the output of free recall is assumed to accurately represent what is in memory.  However providing learners with cues raises the overall amount the individual is able to remember.  Cued recall tasks are those in which a hint or cue is provided to help the learner remember the desired information.

Unlike free recall, recognition involves a set of pre-generated stimuli presented to learners for a decision or judgment.  One factor affecting recognition is the strength of the memory. Stronger memories will be more accurately recognized than weaker memories. Another factor affecting recognition is based upon the context surrounding the recognition task. High risk conditions lead to a more stringent criterion than low risk conditions, even though the memory trace in both situations is equivalent in strength and match the test stimulus.

The encoding specificity principle states “that whatever cues are used by a learner to facilitate encoding will also serve as the best retrieval cues for that information at test time”. Information retrieval is very much influenced by the context of encoding the information into long-term memory. This suggests for instruction that many different contexts or examples may be important to discuss during the presentation of concepts. In this way, students will have many cues available to assist in encoding. These cues can be used later for recall.

The failure to encode simply means that the information sought during retrieval cannot be found.  The concept of encoding failure emphasizes once again the importance of activating relevant prior knowledge in learning.  The failure to retrieve information that has been encoded in memory is a second cause of forgetting and refers to the inability to access previously learned information.

There are methods to support or inhibit encoding. One factor supporting encoding is note taking. Taking notes provides an external retrieval mechanism, as it provides memory storage which is external to the learner. Students who elaborate on their notes also tend to perform better than those who simply reread them. The process of taking the notes and elaborating upon them forces the learner to recall what they have learned and supports associating the new information with other knowledge.

Interference, such as other events or information, gets in the way of effective retrieval. Interference has occurred when numerous events and competing information have interfered with the retrieval of the desired information.
Interference can also occur from information that was learned either before or after the desired information affecting the recall of the desired information. Retroactive interference occurs when newer information interferes with the retrieval of previously learned information. Proactive interference occurs when previous learning interferes with the recall of later learning.

Using the Cognitive Processing Model for Instruction
If learners are supposed to understand new information in particular ways, then the instruction must be organized to help them. Instructional tactics such as signaling what information is important and drawing learners’ attention to specific features of that information can facilitate selective attention and appropriate pattern recognition.

Using imagery and representing information in multiple ways can help encoding and retrieval, as well as counteract the effects of interference.  Additionally, arranging extensive and variable practice is important.  The saying “practice makes perfect” is not exactly an accurate statement.  While automaticity is a desirable educational goal, it is not just the amount of practice that makes things perfect. It is also the type of practice. So the dictum should really say “perfect practice makes perfect”.

Posted in Education

Short term or Working Memory

Working memory is the “bridge” between the information collected using our senses and stored in sensory memory, and long-term memory where information can be later retrieved.  Working memory is commonly associated with consciousness, and is where we can work on multiple activities simultaneously.  While not part of long term memory, by applying a computer model to working memory we would arrive at a parallel processing model because of this “multi-tasking” nature.

Working memory is the portion of memory which sensory data enters from the various sensory memory areas.  For example, when information is seen visually, it is stored in the visual sensory memory area, and then brought into working memory for processing before it is determined if the information should be encoded into long-term memory.

Working memory is that part of the brain’s memory system where information is stored for a relatively short period of time, between 15 and 30 seconds, and where the brain can process pieces of information in more than one way or accomplish several tasks at once.  This is why we can be listening to music, reading and still hear our spouse call our name.

The current research theories suggest that working memory has approximately seven information “slots” that can each accommodate some discrete piece of information, with each piece being of the same or different types of data.  However, with this low number of available positions or slots, working memory cannot handle much information.  Consequently, the theory of chunking was introduced based upon ongoing research.

Chunking is the process of grouping information into chunks or pieces that make sense to the learner.  This allows us to handle much larger pieces of information than we might otherwise be able to handle.  We can see this type of approach in computer technology.  The basic element of data is called a bit, which can be either a 0 or a 1.  We chunk bits together to form a byte (8 bits) and we chunk bits together to form words.  (A word in the computer area is a construct based upon the processing width of the CPU.  Words nowadays are often 64 bits or 8 bytes long.)

The question then is why do we care about working memory?  By organizing learning in such a way as to be easily chunked, or for separate pieces to be easily identified as related, we can help working memory more quickly process the information and determine its relationship to information already stored in long-term memory, assisting the long-term memory encoding process.

Additionally, presenting the information in smaller sections helps the learner rehearse the information in working memory, which assists with the encoding of that information for long-term storage and makes for easier recall of that information. Depending upon which model of long-term memory you want to subscribe to, this could increase the number of nodes, connections, or concepts that are created, which also makes it easier to recall the information later.

How we process information in working memory has an impact from a behaviorism perspective.  Recall that with behaviorism, we are attempting to make some change in the learner’s behavior through a variety of methods like positive and negative reinforcement, shaping, fading, chaining, etc.

By presenting information to the learner in more easily processed chunks, we can improve their ability to process the information, establish relationships with previously learned information recalled from long term memory, and promote understanding of not only the new information but that previously learned information.  We know that creating new relationships between information not only promotes further understanding, but strengthens relationships between discrete concepts and enhances recall.

Because we have utilized these pathways, we can expect to see a change in the learner’s behavior, all things being equal.  If the learner decides that our assumptions are invalid from their perspective, they may choose to not assign the same weight or importance to the information that we did, thereby breaking down the learning and memory processes.

It is important to understand both behaviorism and cognitive information processing for the reasons already presented, but also because it helps us as instructional designers consider what behavior we want to change, which could be a demonstration of newly acquired knowledge, and therefore how the information should best be presented to the learner to assist them in integrating the new knowledge into long-term memory and therefore be capable of exhibiting the desired behavior.

Posted in Education

Is My Website Password Encrypted?

With all of the ongoing security breaches and people having their passwords compromised, it has to make you wonder how some websites can give you your actual password and other sites send you a link to create a new password after sending you a temporary password to use.

In this article, we are going to explain how you can determine if a website you frequent is storing your password securely. Before we do that, let’s briefly discuss how website authentication works.

How Authentication Works

When you access a website, sometimes you are required to login with a username and password to access specific website features. To do this, the website has to store your username and password so when you provide them, it can verify if you entered the correct information.

The username and password you provide are usually sent to the web server using a web form and hopefully using some form of good security, such as SSL.

When the username and password are received by the web server, it looks up the username and password you provided in its files or database and then compares them to determine if the information is correct. If not, then the login attempt fails.

Sometimes you need to recover or reset your website password because you can’t remember what it is. What happens when you do this can provide you with hints as to how securely the application is storing your username and password information.

Basically — if the website can provide you with your actual password, whether or not it asks you some security questions, then:

  • The website is possibly storing your password information unencrypted; or,
  • The website is storing the password encrypted, but knows how to decrypt the password.

The Website Can Send Your Actual Password

When you forget your password and access a website’s “I forgot my password” link, the website may ask you some security questions, if it was set up to do that. Whether or not the website does this is not important to our discussion. If the website can either:

  • Show your actual password on the screen; or,
  • Send your password to you via email;

then it is highly likely the website either stores the password unencrypted or knows how to decrypt the password. If the website can give you your actual password, then it is very likely that should the website be compromised, an attacker will have access to all of the usernames and passwords for all of the users.

The Website Sends me a Temporary Password to my Email

When a website uses this approach, they have no ability to look up or retrieve your existing password. This is a good sign, but there is no way to tell if the website is using unencrypted passwords and implemented this method to obscure that fact. This approach at least doesn’t send your password back to you through normally insecure communication methods.

Most reputable websites that implement this form of password recovery likely are storing the passwords in an encrypted format, making it difficult if not impossible for an attacker to recover the passwords if retrieved.

The Website Sends me a Reset Password Link to my Email

The same caveats as mentioned in the previous section exist here, because you can’t be sure if the passwords are actually stored encrypted. However, since they won’t provide the existing password, it is more likely that your passwords are encrypted.
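As an added illustration (not code from this article or from any particular website), the Python sketch below performs the look-up-and-compare login step against a salted one-way hash, and shows why a site that stores passwords this way can only offer a reset link, never your old password. The function names, in-memory stores, iteration count and token lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets
import time

ITERATIONS = 200_000   # PBKDF2 work factor (assumed sample value; tune upward)
RESET_TTL = 15 * 60    # reset links expire after 15 minutes (assumed)

users = {}         # username -> (salt, derived_key); the password is never stored
reset_tokens = {}  # sha256(token) -> (username, expiry); raw token is not stored

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(username, password):
    salt = os.urandom(16)                      # unique per user
    users[username] = (salt, _derive(password, salt))

def verify(username, password):
    record = users.get(username)
    if record is None:
        _derive(password, b"\0" * 16)          # spend equal time for unknown users
        return False
    salt, stored = record
    # Re-derive from the submitted password and compare in constant time.
    return hmac.compare_digest(stored, _derive(password, salt))

def recover_password(username):
    # "Email me my password" cannot be built on this store: the record holds
    # only a salt and a one-way digest, so there is nothing to send back.
    raise NotImplementedError("stored value is one-way; password unknown")

def request_reset(username):
    if username not in users:
        return None                            # nothing to email
    token = secrets.token_urlsafe(32)          # goes into the emailed link
    digest = hashlib.sha256(token.encode()).hexdigest()
    reset_tokens[digest] = (username, time.time() + RESET_TTL)
    return token

def complete_reset(token, new_password):
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = reset_tokens.pop(digest, None)     # single use
    if entry is None or entry[1] < time.time():
        return False
    register(entry[0], new_password)           # new salt, new digest
    return True
```

A site that can implement `recover_password` must be holding either the password itself or a key that decrypts it, which is exactly what an attacker who copies the database would also obtain.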

The Role of Security Questions and Answers

Websites that ask you to provide some security questions and answers are using this information to help prove it is you when you either forget your password or want to perform some highly protected request. If you can provide your own questions and answers, this is a better choice than using the standard questions and answers most sites use.

If you are concerned about how well a website protects the answers to your security questions, you might want to come up with a set of alternative responses to the various questions and use them instead of the real responses — the more paranoid user takes this approach. Paranoia is not a bad thing in this case.

Posted in Information Security