[113192] in cryptography@c2.net mail archive
RE: Foibles of user "security" questions
daemon@ATHENA.MIT.EDU (Dave Korn)
Mon Jan 14 17:35:29 2008
From: "Dave Korn" <dave.korn@artimi.com>
To: "'Leichter, Jerry'" <leichter_jerrold@emc.com>,
<cryptography@metzdowd.com>
Date: Sat, 12 Jan 2008 21:31:52 -0000
In-Reply-To: <Pine.SOL.4.61.0801071210470.15241@mental>
On 07 January 2008 17:14, Leichter, Jerry wrote:
> Reported on Computerworld recently: To "improve security", a system
> was modified to ask one of a set of fixed-form questions after the
> password was entered. Users had to provide the answers up front to
> enroll. One question: Mother's maiden name. User provides the
> 4-character answer. System refuses to accept it: Answer must have
> at least 6 characters.
See also "Favorite Color (RED is not a valid option)" at
http://thedailywtf.com/Articles/Banking-So-Advanced.aspx
cheers,
DaveK
--
Can't think of a witty .sigline today....
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com