security questions
David Molnar
dmolnar at eecs.berkeley.edu
Wed Aug 6 15:15:18 EDT 2008
Peter Saint-Andre wrote:
[list of security questions snipped]
> ***
>
> It strikes me that the answers to many of these questions might be
> public information or subject to social engineering attacks...
You might enjoy reading Ari Rabkin's recent paper at SOUPS 2008 on this issue:

"Personal knowledge questions for fallback authentication: Security questions in the era of Facebook"
Ariel Rabkin
http://www.cs.berkeley.edu/~asrabkin/bankauth.pdf

He has slides as well:
http://www.eecs.berkeley.edu/~asrabkin/rabkin.pdf

-David Molnar