Foibles of user "security" questions
Dave Korn
dave.korn at artimi.com
Sat Jan 12 16:31:52 EST 2008
On 07 January 2008 17:14, Leichter, Jerry wrote:
> Reported on Computerworld recently: To "improve security", a system
> was modified to ask one of a set of fixed-form questions after the
> password was entered. Users had to provide the answers up front to
> enroll. One question: Mother's maiden name. User provides the
> 4-character answer. System refuses to accept it: Answer must have
> at least 6 characters.
See also "Favorite Color (RED is not a valid option)" at
http://thedailywtf.com/Articles/Banking-So-Advanced.aspx
cheers,
DaveK
--
Can't think of a witty .sigline today....
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list