Re: Foibles of user security questions
of possible relevance...

Mike Just. Designing and Evaluating Challenge-Question Systems. IEEE SECURITY & PRIVACY, 1540-7993/04, SEPTEMBER/OCTOBER 2004.

=JeffH

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

RE: Foibles of user security questions
On 07 January 2008 17:14, Leichter, Jerry wrote:

> Reported on Computerworld recently: To improve security, a system was modified to ask one of a set of fixed-form questions after the password was entered. Users had to provide the answers up front to enroll. One question: Mother's maiden name. User provides the 4-character answer. System refuses to accept it: Answer must have at least 6 characters.

See also Favorite Color (RED is not a valid option) at http://thedailywtf.com/Articles/Banking-So-Advanced.aspx

cheers,
DaveK
--
Can't think of a witty .sigline today

Re: Foibles of user security questions
Florian Weimer [EMAIL PROTECTED] writes:

> * Jerry Leichter:
>
>> I can just see the day when someone's fingerprint is rejected as insufficiently complex.
>
> It's been claimed that once you reach the retirement age, one person in ten hasn't got any fingerprints which can be used for biometric purposes.

It's not just older people, it's manual workers, children, and (as a generalisation for all biometrics) goats, the percentage of the overall population who don't produce useful results for whatever biometric is being employed. The population of goats (for a reasonable FAR/FRR) is usually in the low single digits. The standard response to goats is to wind down the FRR until the problem is no longer noticeable. More on this in http://www.cs.auckland.ac.nz/~pgut001/pubs/biometrics.pdf.

(FAR = false acceptance rate, FRR = false rejection rate).

Peter.