[130351] in cryptography@c2.net mail archive
Re: security questions
daemon@ATHENA.MIT.EDU (John Levine)
Sun Aug 10 15:25:22 2008
Date: 10 Aug 2008 17:55:15 -0000
From: John Levine <johnl@iecc.com>
To: cryptography@metzdowd.com
In-Reply-To: <20080810014504.GA1649@panix.com>
Cc: tls@rek.tjls.com
> IIRC, it used personal data already available to DEC -- so they
> didn't have to ask their employees for it
That works great so long as the personal data is accurate.
Banks these days are supposed to verify your identity when you open an
account. Online banks pull your credit report anyway, so they make up
some verification questions from historical info in the report. I'm
regularly asked which of four street addresses I've lived at.
Unfortunately, in my case the correct answer is invariably "none of
them". I'm part owner of a relative's house in New Jersey, and the
credit bureaus all are sure that since my name is on the deed, that
must be where I live. So that's the address that shows up. Adding to
the excitement, they often ask what city, to which the answer would
still be none of them even if I lived in that house. It's in
Lawrenceville, but I guess it gets mail delivered from the Trenton
P.O. so the allegedly correct answer is Trenton.
It's not too hard for me to figure these out, but given the amount of
plain wrong info in credit reports, this approach must lead to some
pretty frustrating failures.
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
