security questions

Peter Saint-Andre stpeter at
Wed Aug 6 12:45:21 EDT 2008

Chris Kuethe wrote:
> On Wed, Aug 6, 2008 at 8:23 AM, Peter Saint-Andre <stpeter at> wrote:
>> Wells Fargo is requiring their online banking customers to provide answers
>> to security questions such as these:
>> ***
>> ...
>> ***
>> It strikes me that the answers to many of these questions might be public
>> information or subject to social engineering attacks...
> Lie.
> I don't actually give the real answers to those questions for just
> that reason. Make up some plausible and memorable words (maybe using a
> tool like "yould"), and pick your mother a new random name from the
> phone book.

Oh, I know we're smart enough to do that, but I doubt that your typical 
Facebook user will realize that their high school and best friend's 
first name (etc.) are public information.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the cryptography mailing list