[112636] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Foibles of user "security" questions

daemon@ATHENA.MIT.EDU (Leichter, Jerry)
Mon Jan 7 15:42:30 2008

Date: Mon, 7 Jan 2008 12:13:54 -0500 (EST)
From: "Leichter, Jerry" <leichter_jerrold@emc.com>
To: cryptography@metzdowd.com

Reported on Computerworld recently:  To "improve security", a system
was modified to ask one of a set of fixed-form questions after the
password was entered.  Users had to provide the answers up front to
enroll.  One question:  Mother's maiden name.  User provides the
4-character answer.  System refuses to accept it:  Answer must have
at least 6 characters.

I can just see the day when someone's fingerprint is rejected as
"insufficiently complex".
 							-- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post