Peter Saint-Andre wrote:

[list of security questions snipped]
***

It strikes me that the answers to many of these questions might be public information or subject to social engineering attacks...

You might enjoy reading Ari Rabkin's recent paper at SOUPS 2008
on this issue:

"Personal knowledge questions for fallback authentication:
Security questions in the era of Facebook"
Ariel Rabkin
http://www.cs.berkeley.edu/~asrabkin/bankauth.pdf

He has slides as well:
http://www.eecs.berkeley.edu/~asrabkin/rabkin.pdf

-David Molnar
