From: Steven Hodas <hhll@u.washington.edu>
To: Arthur Chandler <arthurc@crl.com>
Message Hash: eeb4693f500643a045073262fb92d6e682eefe9d0c9b4bb5c4641cb84a0aa6c8
Message ID: <Pine.3.87.9311011842.H12407-0100000@stein2.u.washington.edu>
Reply To: <Pine.3.87.9311011635.A18061-0100000@crl.crl.com>
UTC Datetime: 1993-11-02 02:33:50 UTC
Raw Date: Mon, 1 Nov 93 18:33:50 PST
From: Steven Hodas <hhll@u.washington.edu>
Date: Mon, 1 Nov 93 18:33:50 PST
To: Arthur Chandler <arthurc@crl.com>
Subject: Re: Your mother's maiden name
In-Reply-To: <Pine.3.87.9311011635.A18061-0100000@crl.crl.com>
Message-ID: <Pine.3.87.9311011842.H12407-0100000@stein2.u.washington.edu>
MIME-Version: 1.0
Content-Type: text/plain
About a year ago my wife got a phone call from a stranger claiming to believe
he had gone to high school with her, but he wasn't really sure. After
a whole song and dance he finally said, nonchalantly, "Well, gee, what was
your mother's maiden name?"
Since her mother's maiden name was not, "Fuck you, asshole", I gathered
from those words that she had figured out his scam.
Who knows who he was. We immediatley changed all maiden-name passwords to
something more obscure and less socially-engineerable.
Steven
______________________________________________________
| |
| HORSE HORSE LION LION, A Consulting Cooperative |
| "Information into Culture" |
| |
| Steven Hodas/Catherine Holland, Principals |
| |
| hhll@u.washington.edu VOICE/FAX 206.285.5975 |
|______________________________________________________|
On Mon, 1 Nov 1993, Arthur Chandler wrote:
>
> At least three places/organizations I do business with ask for this bit
> of info as a "security check." The idea being, I think that you mother's
> maiden name is something that only those intimately familiar with your
> family would know, and therefore is an easy, universally applicable kind
> of "password" to be used before handing out sensitive info.
> But I've always wondered just how secure this "password" is. Recalling
> Eric Hughes statement that "cryptography is all economics," and
> realizing that someone with an unlimited budget could probably scrounge
> that info after some effort -- just how much effort would it take? And
> how secure is "mom's maiden name" as a password for obtaining sensitive
> information over the phone?
>
>
Return to November 1993
Return to “Steven Hodas <hhll@u.washington.edu>”