security questions
Peter Saint-Andre
stpeter at stpeter.im
Wed Aug 6 12:45:21 EDT 2008
Chris Kuethe wrote:
> On Wed, Aug 6, 2008 at 8:23 AM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
>> Wells Fargo is requiring their online banking customers to provide answers
>> to security questions such as these:
>>
>> ***
>> ...
>> ***
>>
>> It strikes me that the answers to many of these questions might be public
>> information or subject to social engineering attacks...
>
> Lie.
>
> I don't actually give the real answers to those questions for just
> that reason. Make up some plausible and memorable words (maybe using a
> tool like "yould"), and pick your mother a new random name from the
> phone book.
Oh, I know we're smart enough to do that, but I doubt that your typical
Facebook user will realize that their high school and best friend's
first name (etc.) are public information.
Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20080806/353e8f0c/attachment.bin>
More information about the cryptography
mailing list