IIRC, it used personal data already available to DEC -- so they
didn't have to ask their employees for it
That works great so long as the personal data is accurate.
Banks these days are supposed to verify your identity when you open an
account. Online banks pull your credit report anyway, so
[EMAIL PROTECTED] wrote:
John Ioannidis wrote:
| Does anyone know how this security questions disease started, and why
| it is spreading the way it is? If your company does this, can you find
| the people responsible and ask them what they were thinking?
The answer is Help Desk Call
| | My theory is that no actual security people have ever been involved,
| | that it's just another one of those stupid design practices that are
| | perpetuated because nobody has ever complained or that's what
| | everybody is doing.
|
| Your theory is incorrect. There is considerable
Another useful piece of research on the topic:
V. Griffith and M. Jakobsson.
Messin' with Texas, Deriving Mother's Maiden Names Using Public Records.
ACNS '05, 2005 and CryptoBytes Winter '07
http://www.informatics.indiana.edu/markus/papers.asp
Cheers, Scott
Wells Fargo is requiring their online banking customers to provide
answers to security questions such as these:
Does Wells Fargo really use the term security question here?
Just wondering,
Stefan.
Symposium Wirtschaftsspionage
Does anyone know how this security questions disease started, and why
it is spreading the way it is? If your company does this, can you find
the people responsible and ask them what they were thinking?
My theory is that no actual security people have ever been involved, and
that it's just
Stefan Kelm wrote:
Wells Fargo is requiring their online banking customers to provide
answers to security questions such as these:
Does Wells Fargo really use the term security question here?
Yes it does. I'm a Wells Fargo customer and I had to set my security
questions yesterday in order
On Thu, 7 Aug 2008, John Ioannidis wrote:
| Does anyone know how this security questions disease started, and
| why it is spreading the way it is? If your company does this, can you
| find the people responsible and ask them what they were thinking?
|
| My theory is that no actual security
John Ioannidis wrote:
| Does anyone know how this security questions disease started, and why
| it is spreading the way it is? If your company does this, can you find
| the people responsible and ask them what they were thinking?
The answer is Help Desk Call Avoidance; allow the end-user to
On Wed, 6 Aug 2008, Peter Saint-Andre wrote:
| Wells Fargo is requiring their online banking customers to provide
| answers to security questions such as these:
|
| ***
|
| What is name of the hospital in which your first child was born?
| What is your mother's birthday? (MMDD)
| What is the
On Wed, Aug 6, 2008 at 8:23 AM, Peter Saint-Andre [EMAIL PROTECTED] wrote:
Wells Fargo is requiring their online banking customers to provide answers
to security questions such as these:
***
...
***
It strikes me that the answers to many of these questions might be public
information or
Chris Kuethe wrote:
On Wed, Aug 6, 2008 at 8:23 AM, Peter Saint-Andre [EMAIL PROTECTED] wrote:
Wells Fargo is requiring their online banking customers to provide answers
to security questions such as these:
***
...
***
It strikes me that the answers to many of these questions might be public
On Wed, Aug 6, 2008 at 9:23 AM, Peter Saint-Andre wrote:
Wells Fargo is requiring their online banking customers to provide answers to
security questions such as these:
***
What is name of the hospital in which your first child was born?
...
What was your most memorable gift as a child?
Peter Saint-Andre wrote:
[list of security questions snipped]
***
It strikes me that the answers to many of these questions might be
public information or subject to social engineering attacks...
You might enjoy reading Ari Rabkin's recent paper at SOUPS 2008
on this issue:
Personal
On Aug 6, 2008, at 12:17 PM, Leichter, Jerry wrote:
For Web sites these days, I generate random strong passwords and keep
them on a keychain on my Mac. Actually, the keychain gets synchronized
automatically across all my Macs using .mac/MobileMe (for all their
flaws). When I do this, I