dmolnar at eecs.berkeley.edu
Wed Aug 6 15:15:18 EDT 2008
Peter Saint-Andre wrote:
[list of security questions snipped]
> It strikes me that the answers to many of these questions might be
> public information or subject to social engineering attacks...
You might enjoy reading Ari Rabkin's recent paper at SOUPS 2008
on this issue:
"Personal knowledge questions for fallback authentication:
Security questions in the era of Facebook"
He has slides as well:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 250 bytes
Desc: OpenPGP digital signature
More information about the cryptography