Foibles of user "security" questions
Leichter, Jerry
leichter_jerrold at emc.com
Mon Jan 7 12:13:54 EST 2008

Reported on Computerworld recently: To "improve security", a system
was modified to ask one of a set of fixed-form questions after the
password was entered. Users had to provide the answers up front to
enroll. One question: Mother's maiden name. User provides the
4-character answer. System refuses to accept it: Answer must have
at least 6 characters.

I can just see the day when someone's fingerprint is rejected as
"insufficiently complex".

-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com