[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Your mother's maiden name
About a year ago my wife got a phone call from a stranger claiming to believe
he had gone to high school with her, but he wasn't really sure. After
a whole song and dance he finally said, nonchalantly, "Well, gee, what was
your mother's maiden name?"
Since her mother's maiden name was not, "Fuck you, asshole", I gathered
from those words that she had figured out his scam.
Who knows who he was. We immediatley changed all maiden-name passwords to
something more obscure and less socially-engineerable.
Steven
______________________________________________________
| |
| HORSE HORSE LION LION, A Consulting Cooperative |
| "Information into Culture" |
| |
| Steven Hodas/Catherine Holland, Principals |
| |
| [email protected] VOICE/FAX 206.285.5975 |
|______________________________________________________|
On Mon, 1 Nov 1993, Arthur Chandler wrote:
>
> At least three places/organizations I do business with ask for this bit
> of info as a "security check." The idea being, I think that you mother's
> maiden name is something that only those intimately familiar with your
> family would know, and therefore is an easy, universally applicable kind
> of "password" to be used before handing out sensitive info.
> But I've always wondered just how secure this "password" is. Recalling
> Eric Hughes statement that "cryptography is all economics," and
> realizing that someone with an unlimited budget could probably scrounge
> that info after some effort -- just how much effort would it take? And
> how secure is "mom's maiden name" as a password for obtaining sensitive
> information over the phone?
>
>