security questions

David Molnar dmolnar at
Wed Aug 6 15:15:18 EDT 2008

Peter Saint-Andre wrote:

[list of security questions snipped]
> ***
> It strikes me that the answers to many of these questions might be 
> public information or subject to social engineering attacks...

You might enjoy reading Ari Rabkin's recent paper at SOUPS 2008
on this issue:

"Personal knowledge questions for fallback authentication:
Security questions in the era of Facebook"
Ariel Rabkin

He has slides as well:

-David Molnar

More information about the cryptography mailing list