Security questions

Written by erik - 30 august 2012

Today I got a call because I applied for a credit card a few days ago. A part of the discussion went like this:

  • In order to verify your identity, I am going to ask you questions ONLY YOU know the answers to. Are you ready?
  • Well, how are you going to know whether I lie or not?
  • I will know! I have the answers in your file.
  • So you know the answers too; I am not the only one who knows them.
  • long silence

These so-called security questions make no sense at all. Anybody that knows me would be able to answer them (my brother, my boss). Anybody that has access to my file will be able to answer them (my banker, my insurer). Anybody that asks me security questions will be able to answer them (phone companies, thousands of websites). Why are we still relying on such obvious questions?


2 comments

monday 22 october 2012 @ 05:44 Cédric said : #1

So classic! Some years ago, the system administrator entered half the computers of the lab by using "personal" information. It is the Jack Sparrow dilemma: if nobody knows it, nobody can use it... In Montreal, it is worse. People suppose you are not going to lie, cheat... I don't need any proof to be paid by home insurance, for example. My bank asks me for information so trivial that any intelligent burglar will know it (commonly, my birth date (by writing that, I realise that my best date is my birth date. I have lived with that person for 33 years! :p)). But how to secure the phone procedure? Numeric codes can be detected and reproduced easily, questions can be deduced or accessed... Surely the best is quantum/geek codes. "What is your birth date?", "Are you supposing that time is so trivial a notion? Are you ignoring that by giving you a precise answer, I would deny all possibility of a precise birth, I would be just the probability of ....", "It is you, I am sure, you are mad!" :D Enjoy.

monday 29 october 2012 @ 19:02 erik said : #2

Well, there are easy countermeasures. For a date or a social security number, the system could not display the correct answer to the operator. The operator would enter the information in a form and the form will tell the operator whether the value is correct or not.
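
The form described in comment #2, as an added example (not code from the blog or its commenters): the operator types what the caller says and sees only a verdict. Storing a salted digest instead of the answer, the server-side pepper, the attempt limit, and the names `AnswerStore`, `MAX_ATTEMPTS`, `normalize` and `digest` are assumptions that go beyond what the comment states.

```python
import hashlib
import hmac
import os
import re

MAX_ATTEMPTS = 3  # assumed policy: lock the record after three wrong entries


def normalize(answer: str) -> bytes:
    # Keep only letters and digits so "1979-03-14" and "1979 03 14" compare equal.
    return re.sub(r"[^0-9a-z]", "", answer.lower()).encode()


def digest(answer: str, salt: bytes, pepper: bytes) -> bytes:
    # A date or SSN has little entropy, so a stolen digest could be brute-forced.
    # The pepper (a secret kept outside the customer database) and the slow KDF
    # make that offline guessing harder.
    return hashlib.pbkdf2_hmac("sha256", pepper + normalize(answer), salt, 100_000)


class AnswerStore:
    """Holds a salted digest per customer, never the answer itself."""

    def __init__(self, pepper: bytes):
        self._pepper = pepper
        self._records = {}  # customer_id -> [salt, digest, failed_attempts]

    def enroll(self, customer_id: str, answer: str) -> None:
        salt = os.urandom(16)
        self._records[customer_id] = [salt, digest(answer, salt, self._pepper), 0]

    def check(self, customer_id: str, typed: str) -> str:
        """Return what the operator's form shows: 'match', 'no match' or 'locked'."""
        rec = self._records[customer_id]
        if rec[2] >= MAX_ATTEMPTS:
            return "locked"  # the operator cannot keep guessing
        ok = hmac.compare_digest(rec[1], digest(typed, rec[0], self._pepper))
        rec[2] = 0 if ok else rec[2] + 1
        return "match" if ok else "no match"


if __name__ == "__main__":
    store = AnswerStore(pepper=b"constructed-demo-pepper")  # constructed value
    store.enroll("customer-1", "1979-03-14")                # constructed sample data
    for typed in ["14/03/1979", "1979 03 14", "1979-03-15"]:
        print(typed, "->", store.check("customer-1", typed))
```

The attempt limit matters as much as the hidden answer: without it, an operator could recover a birth date from the form's verdicts by trying every day in a plausible range.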
