[112636] in cryptography@c2.net mail archive
Foibles of user "security" questions
daemon@ATHENA.MIT.EDU (Leichter, Jerry)
Mon Jan 7 15:42:30 2008
Date: Mon, 7 Jan 2008 12:13:54 -0500 (EST)
From: "Leichter, Jerry" <leichter_jerrold@emc.com>
To: cryptography@metzdowd.com
Reported on Computerworld recently: To "improve security", a system
was modified to ask one of a set of fixed-form questions after the
password was entered. Users had to provide the answers up front to
enroll. One question: Mother's maiden name. User provides the
4-character answer. System refuses to accept it: Answer must have
at least 6 characters.
I can just see the day when someone's fingerprint is rejected as
"insufficiently complex".
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com