Friday, October 03, 2008

Biographical secret questions weakening as security measures

Due to the rise of online social networks and informational sites, secret questions based on biographical information are losing strength as a supplementary to password-based security.

As discussed in a Time article, Those Crazy Internet Security Questions, as more information on individuals becomes easily available - either provided by them directly or via government, corporate and collaborative online databases - the secureness of personal questions diminish.

The article provides a ten second case study on how easy it is to get the biographical information of a prominent person from their wikipedia entry and online postal database.

Speech transcripts, videos, blog posts, social network profiles, news sites and genealogical websites can also provide significantly more information quickly and cheaply.

It's slightly more difficult to get information on an 'unknown' person - but many are doing hackers the favour of providing their own biographical information online - as well as adding to the available information on their family and friends.

This raises a need to steer secret questions away from purely biographical information, or seek stronger alternatives.

So what was your mother's maiden name again?

No comments:

Post a Comment