1993-11-02 - Re: Your mother’s maiden name

Header Data

From: Steven Hodas <hhll@u.washington.edu>
To: Arthur Chandler <arthurc@crl.com>
Message Hash: eeb4693f500643a045073262fb92d6e682eefe9d0c9b4bb5c4641cb84a0aa6c8
Message ID: <Pine.3.87.9311011842.H12407-0100000@stein2.u.washington.edu>
Reply To: <Pine.3.87.9311011635.A18061-0100000@crl.crl.com>
UTC Datetime: 1993-11-02 02:33:50 UTC
Raw Date: Mon, 1 Nov 93 18:33:50 PST

Raw message

From: Steven Hodas <hhll@u.washington.edu>
Date: Mon, 1 Nov 93 18:33:50 PST
To: Arthur Chandler <arthurc@crl.com>
Subject: Re: Your mother's maiden name
In-Reply-To: <Pine.3.87.9311011635.A18061-0100000@crl.crl.com>
Message-ID: <Pine.3.87.9311011842.H12407-0100000@stein2.u.washington.edu>
MIME-Version: 1.0
Content-Type: text/plain



About a year ago my wife got a phone call from a stranger claiming to believe
he had gone to high school with her, but he wasn't really sure.  After
a whole song and dance he finally said, nonchalantly, "Well, gee, what was 
your mother's maiden name?"

Since her mother's maiden name was not, "Fuck you, asshole", I gathered 
from those words that she had figured out his scam. 

Who knows who he was. We immediately changed all maiden-name passwords to
something more obscure and less socially-engineerable.
 

Steven

    ______________________________________________________
   |                                                      |
   |    HORSE HORSE LION LION, A Consulting Cooperative   | 
   |              "Information into Culture"              | 
   |                                                      | 
   |      Steven Hodas/Catherine Holland, Principals      |
   |                                                      | 
   |    hhll@u.washington.edu   VOICE/FAX 206.285.5975    |
   |______________________________________________________|


On Mon, 1 Nov 1993, Arthur Chandler wrote:

> 
>  At least three places/organizations I do business with ask for this bit 
> of info as a "security check." The idea being, I think, that your mother's 
> maiden name is something that only those intimately familiar with your 
> family would know, and therefore is an easy, universally applicable kind 
> of "password" to be used before handing out sensitive info.
>  But I've always wondered just how secure this "password" is. Recalling 
> Eric Hughes' statement that "cryptography is all economics," and 
> realizing that someone with an unlimited budget could probably scrounge 
> that info after some effort -- just how much effort would it take? And 
> how secure is "mom's maiden name" as a password for obtaining sensitive 
> information over the phone?
> 
> 
