From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: 5a6b27920c78557bfe5a847f48e364b450a0ddd759d20a97d62d4df93604acd4
Message ID: <9311020923.AA01212@ah.com>
Reply To: <Pine.3.87.9311011635.A18061-0100000@crl.crl.com>
UTC Datetime: 1993-11-02 09:31:20 UTC
Raw Date: Tue, 2 Nov 93 01:31:20 PST
From: hughes@ah.com (Eric Hughes)
Date: Tue, 2 Nov 93 01:31:20 PST
To: cypherpunks@toad.com
Subject: Your mother's maiden name
In-Reply-To: <Pine.3.87.9311011635.A18061-0100000@crl.crl.com>
Message-ID: <9311020923.AA01212@ah.com>
MIME-Version: 1.0
Content-Type: text/plain
re: cost of obtaining mother's maiden name.
>And how secure is "mom's maiden name" as a password for obtaining
>sensitive information over the phone?
Not very. Birth records and marriage records tend to be public
record. Organizations that do genealogical research tend to have this
data around, although they don't always make it easy to get data on
the living.
On the other hand, most organizations I've dealt with that use it just
use it as a password field. You can just pretend that the person on
the other end of the line is asking "What is your password?" rather
than the standard question.
Eric
Return to November 1993
Return to “Steven Hodas <hhll@u.washington.edu>”