Friday, May 23, 2014

Security : Secret Q & A

Came across an interesting idea for the answers to those ubiquitous secret Q & A they use for authentication.

If you see someone lives in NZ and the question is:

Where were you born?

a hacker could answer "Auckland" / "Wellington" / "Christchurch" / "Dunedin" and that would cover about 80% of the possibilities, since e.g. over 25% of the people in NZ live in Auckland.

So the suggestion is to use a random phrase to answer everything.


"Where were you born?" = Puddleduck
"Mother's maiden name?" = Puddleduck

and so on.
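To put numbers on the guessing argument above, here is an added example (not part of the original post) that compares a truthful birthplace answer with a random one. The city counts are constructed for illustration, and it assumes the answer is machine-generated rather than a chosen word like Puddleduck.

```python
import math
import secrets

# Constructed sample: birthplaces per 100 account holders. Illustrative only,
# not census data; picked so the four largest cities total 80 as in the post.
BIRTHPLACES = {"Auckland": 30, "Wellington": 20, "Christchurch": 18,
               "Dunedin": 12, "Hamilton": 8, "Tauranga": 7, "Napier": 5}

def top_k_success(counts, k):
    """Chance that k guesses, most common answer first, include the true one."""
    ranked = sorted(counts.values(), reverse=True)
    return sum(ranked[:k]) / sum(counts.values())

def min_entropy_bits(counts):
    """Min-entropy of a truthful answer: -log2(share of the likeliest answer)."""
    return -math.log2(max(counts.values()) / sum(counts.values()))

def random_answer(n_bytes=10):
    """Answer unrelated to the question, drawn from the OS CSPRNG."""
    return secrets.token_urlsafe(n_bytes)

def guesses_needed(bits, target):
    """Guesses against a uniform secret of `bits` bits to reach `target` odds."""
    return math.ceil(target * 2 ** bits)

if __name__ == "__main__":
    print("4 guesses vs truthful answer:", top_k_success(BIRTHPLACES, 4))
    print("min-entropy (bits):", round(min_entropy_bits(BIRTHPLACES), 2))
    print("random answer:", random_answer())
    print("guesses for same odds vs 80-bit answer:", guesses_needed(80, 0.8))
```

With this sample, four guesses succeed 80% of the time against the truthful answer, while the same odds against an 80-bit random answer take on the order of 10^24 guesses.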


