Many online and telephone services rely on asking daft personal questions to authenticate users, particularly when a password has been lost or an account locked out. It's quite common to rely on a mother's maiden name, first pet's name or other significant personal data to prove the identity of the caller. We've already discussed the problem of using publicly-available data for this purpose, but there's another problem: remembering the answer you gave when you established these challenge-response questions. How did you spell your first pet's name? What was the exact model of your first car, or the name of your first love? And will you get locked out if you can't remember these facts? Courtesy of Wired magazine, we now have the chance to play personal security Trivial Pursuit. Enjoy!
« Data losses in Borsetshire | Main | Last in line for the DNA database »
Turning security into a game of Trivial Pursuit
Search
About
This page contains a single entry from the blog posted on February 27, 2008 11:01 AM.
The previous post in this blog was Data losses in Borsetshire.
The next post in this blog is Last in line for the DNA database.
Many more can be found on the main index page or by looking through the archives.
Powered by
Movable Type
Movable Type