security questions

Posted by unix_fan on September 13, 2007, 10:10 am
Security questions are the big thing now. Everybody is demanding that I
reveal private information to them in clear text.

How can this be good? Am I wrong, or are we giving system administrators
and others around the globe access to our banks and mutual funds? Because
sooner or later, somebody is going to use my dog's name to try to
get access to my accounts via the security question.

I mean, now they're starting to put more security questions in, but with 8
to choose from, that's like using a 3 bit security algorithm.

How about this as an alternative: have the user put in two passwords.
Maybe a PIN and a PUK. Or just have the security question be optional.

These sites often let you reset your password by mail anyway,
so what's the point?


Posted by Ertugrul Soeylemez on September 16, 2007, 11:09 am

> Security questions are the big thing now. Everybody is demanding that
> I reveal private information to them in clear text.

This is where your view is wrong. Security questions don't demand true
answers. To the question, "what's the name of your dog?", would you
really tell the name of your dog? Use anything _but_ the name of your
dog. View this as a password prompt, where you can choose the prompt
message.


Regards,
Ertugrul Söylemez.


-- 
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.
