Foibles of user "security" questions

mtd mtd at centrum.cz
Wed Jan 9 05:33:08 EST 2008


Victor Duchovni wrote:
 > A
 > security savvy user will recognize this as a second password, that
 > multiple sites seem to want to share, and enter something unique and
 > unmemorable (stored on a "keychain" or just discarded if the primary
 > password is similarly safely stored).

In fact, I see security questions as a security weakness.

My typical answer is random garbage, such as output of pwgen -s -y 48 1. 
This can be discarded then. Or, at least, gpw 1 60 (gpw output is less 
secure, but can be stored, remembered, and even written in on simplified 
keyboards)

Leichter, Jerry wrote:
 > I can just see the day when someone's fingerprint is rejected as
 > "insufficiently complex".

:-) Or iris scan, or body dimensions. I call it security through 
stupidity. :-)

But never mind, these people will be picked up by government 
datamining as un-normal (terrorist suspects) and imprisoned. Problem solved.

-- 
Martin Tomasek

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com