[113192] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

RE: Foibles of user "security" questions

daemon@ATHENA.MIT.EDU (Dave Korn)
Mon Jan 14 17:35:29 2008

From: "Dave Korn" <dave.korn@artimi.com>
To: "'Leichter, Jerry'" <leichter_jerrold@emc.com>,
	<cryptography@metzdowd.com>
Date: Sat, 12 Jan 2008 21:31:52 -0000
In-Reply-To: <Pine.SOL.4.61.0801071210470.15241@mental>

On 07 January 2008 17:14, Leichter, Jerry wrote:

> Reported on Computerworld recently:  To "improve security", a system
> was modified to ask one of a set of fixed-form questions after the
> password was entered.  Users had to provide the answers up front to
> enroll.  One question:  Mother's maiden name.  User provides the
> 4-character answer.  System refuses to accept it:  Answer must have
> at least 6 characters.

  See also "Favorite Color (RED is not a valid option)" at
http://thedailywtf.com/Articles/Banking-So-Advanced.aspx

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post