Spending Money on Useless Research

May 26, 2009 · 3 mins
Data and Information Security, Identity Management Solutions, IT Leadership

We are bombarded daily with new password requirements. We have userids and passwords for everything, and trying to remember them is difficult. We create little schemes to remember the passwords, incrementing or decrementing a number somewhere within the password. We download userid and password safes to store them, yet we need another userid and password to access the password safe. To make it easy for us to remember the myriad of credentials we need to access this application and that tool, companies have provided a series of questions: ‘secret’ questions that we need to choose from, at least two from the list provided. This serves to reduce help desk calls for the company while making it easy for us to remember and retrieve our userid and password.

In a recent study, which I find to be quite ludicrous (we always seem to spend money in the U.S. on proving the obvious), researchers discovered the following:

In research to be presented at the IEEE Symposium on Security and Privacy this week, researchers from Microsoft and Carnegie Mellon University plan to show that the secret questions used to secure the password-reset functions of a variety of websites are woefully insecure. In a study involving 130 people, the researchers found that 28 percent of the people who knew and were trusted by the study’s participants could guess the correct answers to the participant’s secret questions. Even people not trusted by the participant still had a 17 percent chance of guessing the correct answer to a secret question. –

The types of questions we are asked to help us remember (challenge response enrollment process):

· Where did you spend most of your youth?
· What was the name of your first pet?
· What was the name of the street you grew up on?
· What is the name of your favorite school teacher?
· What is the name of the first school you attended?
· What is your first car’s color and model?
· In what city was your father born?
· What is your father’s middle name?
· What is your mother’s maiden name?
· In what city were you born?
· In what city was your mother born?
· What is your favorite movie of all time?
· What is the first and last name of your first best friend?
· What is your favorite color?
· What is your favorite sports team?
· What is your favorite food?
· What is the first and last name of your best man or maid of honor?
· What is your favorite place to visit?
· Who is your favorite actor, musician or artist?
· What street did you live on when you were in the 3rd grade?
· What school did you attend in the 7th grade?
· What is the first name of your favorite childhood friend?
· What is the first phone number you remember?

You do not need to guess these, and why spend money researching the obvious? All you need to do is visit Facebook, MySpace, LinkedIn, and many of the other social networking sites to gather this information. These sites are being mined for information on a daily basis by criminal elements, by lawyers during divorce proceedings and by prospective employers during the interview process. Guess if you want, but why bother – we give the info away for free, and if you forget how you answered during the challenge response enrollment, just go to your own Facebook page…