[112735] in cryptography@c2.net mail archive
Re: Foibles of user "security" questions
daemon@ATHENA.MIT.EDU (Victor Duchovni)
Tue Jan 8 21:28:15 2008
Date: Mon, 7 Jan 2008 23:09:04 -0500
From: Victor Duchovni <Victor.Duchovni@MorganStanley.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <AAADD16A25EB4B44B7E8B3FB8626FAEB036DB34F@xmb-hkg-414.apac.cisco.com>
On Tue, Jan 08, 2008 at 07:43:58AM +0800, Ian Farquhar (ifarquha) wrote:
> I've been having this problem for years (my mother's maiden name is,
> indeed, four characters long). It's often rejected as too short, yet
> I'm forced to enter it. I do the workaround of entering it twice, but
> then have to remember which sites I applied this hack for.
>
Why enter your mother's actual maiden name when prompted for it? A
security savvy user will recognize this as a second password, that
multiple sites seem to want to share, and enter something unique and
unmemorable (stored on a "keychain" or just discarded if the primary
password is similarly safely stored).
When asked to provide answers for security questions, mine are always
either the output of "openssl rand -base64 N" (with N = 6, 9 or 12),
or more memorable non-sequiturs when that is more appropriate. Here's
a new reasonably memorable variant.
Q: Mother's Maiden Name:
A: Winston-Delano-Stalin
--
Viktor.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com