Security Questions - using Widely known facts?

General discussion

Creator

Topic
June 27, 2010 at 11:02 pm #2213352

Security Questions – using Widely known facts?

Locked

by rsasirekha · about 12 years, 7 months ago

With Mobile and Internet banking growing heavily, do we stop to see what kind of security questions our banks ask before letting us do banking – and even getting our password reset. Most banks seem to ask “Mother’s maiden name” as equivalent to a “Open Sesame” of Alibaba. But is it not well known to close relatives and even shared among siblings. Is this based on a implicit faith on family and relations?

Similarly, Organizations seems to depend on Employee number, Date of Birth, Date of Joining the organization as the “secure” questions based on which their internal systems open up. Are these information secure and really private to the individual? Most of these are public knowledge and even available in the organization’s web site – especially for people at high level.

Is there anything like a good security question at all? Between ease of remembrance and known only to an individual looks like, compromise is the only way. But using too widely known facts as security questions does seem ironical.

This conversation is currently closed to new comments.
Creator

Topic

All Comments

Author

Replies
- June 27, 2010 at 11:09 pm #2869315
  
  You, sir
  
  by santeewelding · about 12 years, 7 months ago
  
  In reply to Security Questions – using Widely known facts?
  
  Are what is ironical.
  - June 28, 2010 at 1:01 am #2869306
    
    he is
    
    by jaqui · about 12 years, 7 months ago
    
    In reply to You, sir
    
    right though Santee.
    to bad he didn’t have the balls to phrase this:
    But using too widely known facts as security questions does seem ironical.
    
    as it should have been:
    
    But using too widely known facts as security questions does seem assinine
- July 30, 2010 at 11:16 pm #3039951
  
  surely
  
  by ze_un_predictable · about 12 years, 6 months ago
  
  In reply to Security Questions – using Widely known facts?
  
  Surely something should really been done about the it is done. Subottage is very easy in such cases of fraud. May be introducing more advanced methods like finger printing as a method to identify users/clients/customers then we see how that can be duplicated.
Author

Replies

Viewing 1 reply thread

Start or Search

Start New Discussion

This policy describes guidelines your organization can follow to track, process and decommission IT equipment. From the policy: SUMMARY An organization’s IT hardware inventory constitutes a significant capital investment in order to perform company operations. Because hardware represents a critical asset and often holds organizational data, it is important for the company to track each ...

Whether an infection is the result of a disgruntled employee, hardware vulnerability, software-based threat, social engineering penetration, robotic attack or human error, all organizations must be prepared to immediately respond effectively to such an issue if the corresponding damage is to be minimized. Because even the best protected networks become infected, all organizations must have ...

Every operating system should be appropriately secured, especially end user workstations which often contain or permit access to company data and upon which most employee job duties are based. To get the maximum security protection out of your Windows 10 deployments follow this checklist from TechRepublic Premium. Also included in this checklist: Security solutions Product ...

Networks

General discussion

Security Questions – using Widely known facts?

All Comments

You, sir

he is

surely

Hardware inventory policy

Malware response checklist

Checklist: Securing Windows 10 systems

Cloud data storage policy