[129951] in cryptography@c2.net mail archive
Re: security questions
daemon@ATHENA.MIT.EDU (Chris Kuethe)
Wed Aug 6 16:49:33 2008
Date: Wed, 6 Aug 2008 09:42:09 -0700
From: "Chris Kuethe" <chris.kuethe@gmail.com>
To: "Peter Saint-Andre" <stpeter@stpeter.im>
Cc: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <4899C1EF.3050406@stpeter.im>
On Wed, Aug 6, 2008 at 8:23 AM, Peter Saint-Andre <stpeter@stpeter.im> wrote:
> Wells Fargo is requiring their online banking customers to provide answers
> to security questions such as these:
>
> ***
> ...
> ***
>
> It strikes me that the answers to many of these questions might be public
> information or subject to social engineering attacks...
Lie.
I don't actually give the real answers to those questions for just
that reason. Make up some plausible and memorable words (maybe using a
tool like "yould"), and pick your mother a new random name from the
phone book.
--
GDB has a 'break' feature; why doesn't it have 'fix' too?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
