1993-11-02 - Your mother’s maiden name
Header Data
From: Arthur Chandler <arthurc@crl.com>
To: cypherpunks@toad.com
Message Hash: c38e899bdfb31c7e1bda95f3e4337ff315f5ff9873cf350f0c62fb18588ba297
Message ID: <Pine.3.87.9311011635.A18061-0100000@crl.crl.com>
Reply To: <UgpMbJO00VomMPJkcJ@andrew.cmu.edu>
UTC Datetime: 1993-11-02 00:22:40 UTC
Raw Date: Mon, 1 Nov 93 16:22:40 PST
Raw message
From: Arthur Chandler <arthurc@crl.com>
Date: Mon, 1 Nov 93 16:22:40 PST
To: cypherpunks@toad.com
Subject: Your mother's maiden name
In-Reply-To: <UgpMbJO00VomMPJkcJ@andrew.cmu.edu>
Message-ID: <Pine.3.87.9311011635.A18061-0100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain
At least three places/organizations I do business with ask for this bit
of info as a "security check." The idea being, I think that you mother's
maiden name is something that only those intimately familiar with your
family would know, and therefore is an easy, universally applicable kind
of "password" to be used before handing out sensitive info.
But I've always wondered just how secure this "password" is. Recalling
Eric Hughes statement that "cryptography is all economics," and
realizing that someone with an unlimited budget could probably scrounge
that info after some effort -- just how much effort would it take? And
how secure is "mom's maiden name" as a password for obtaining sensitive
information over the phone?
Thread
Return to November 1993
- Return to “Arthur Chandler <arthurc@crl.com>”
- Return to “dmandl@lehman.com (David Mandl)”
- Return to “hughes@ah.com (Eric Hughes)”
- Return to “J. Michael Diehl <mdiehl@triton.unm.edu>”
- Return to “Matthew J Ghio <mg5n+@andrew.cmu.edu>”
Return to “Steven Hodas <hhll@u.washington.edu>”
- 1993-11-01 (Mon, 1 Nov 93 13:19:49 PST) - Re: Anonymous vs false IDs - dmandl@lehman.com (David Mandl)
- 1993-11-01 (Mon, 1 Nov 93 14:14:51 PST) - Re: Anonymous vs false IDs - Matthew J Ghio <mg5n+@andrew.cmu.edu>
- 1993-11-02 (Mon, 1 Nov 93 16:22:40 PST) - Your mother’s maiden name - Arthur Chandler <arthurc@crl.com>
- 1993-11-02 (Mon, 1 Nov 93 18:33:50 PST) - Re: Your mother’s maiden name - Steven Hodas <hhll@u.washington.edu>
- 1993-11-02 (Mon, 1 Nov 93 20:34:50 PST) - Re: Your mother’s maiden name - J. Michael Diehl <mdiehl@triton.unm.edu>
- 1993-11-02 (Tue, 2 Nov 93 01:31:20 PST) - Your mother’s maiden name - hughes@ah.com (Eric Hughes)
- 1993-11-02 (Mon, 1 Nov 93 16:22:40 PST) - Your mother’s maiden name - Arthur Chandler <arthurc@crl.com>
- 1993-11-01 (Mon, 1 Nov 93 14:14:51 PST) - Re: Anonymous vs false IDs - Matthew J Ghio <mg5n+@andrew.cmu.edu>