[112820] in cryptography@c2.net mail archive
Re: Foibles of user "security" questions
daemon@ATHENA.MIT.EDU (mtd)
Wed Jan 9 17:37:34 2008
Date: Wed, 09 Jan 2008 11:33:08 +0100
From: mtd <mtd@centrum.cz>
To: cryptography@metzdowd.com
Victor Duchovni wrote:
> A
> security savvy user will recognize this as a second password, that
> multiple sites seem to want to share, and enter something unique and
> unmemorable (stored on a "keychain" or just discarded if the primary
> password is similarly safely stored).
In fact, I see security questions as a security weakness.
My typical answer is random garbage, such as output of pwgen -s -y 48 1.
This can be discarded then. Or, at least, gpw 1 60 (gpw output is less
secure, but can be stored, remembered, and even written in on simplified
keyboards)
Leichter, Jerry wrote:
> I can just see the day when someone's fingerprint is rejected as
> "insufficiently complex".
:-) Or iris scan, or body dimensions. I call it security through
stupidity. :-)
But never mind, these people will be picked up by by government
datamining as un-normal (terrorist suspects) and imprisoned. Problem solved.
--
Martin Tomasek
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com