Re: Suggestions for user password reset challenge questions?

From: Emmanuel Goldstein (goldstein101_at_gmail.com)
Date: 06/05/05

    Date: Sun, 5 Jun 2005 21:57:46 +0200
    To: Adrian DuPre <adrian.security@gmail.com>
    
    

    -- What's your favourite beer brand?
    -- Which ice cream flavour do you always choose?
    -- Which brand is your hi-fi?
    -- Favourite TV sitcom?
    -- Which is the last letter that appears in your usual credit card?
    -- When you get a bank statement, which is the last word that always
    appears on the letter?

    Dunno if these will help. The idea is asking stuff that nobody could
    find out unless they really know the person. To increase security you
    should ask at least 5 questions of this kind and expect all of them to
    be answered correctly.

    On 5/27/05, Adrian DuPre <adrian.security@gmail.com> wrote:
    > Hi all,
    > My company is in the middle of implementing an automated password
    > sync/reset application that supports user password recovery/reset by
    > answering predefined questions. (We define the questions, each user
    > provides their own answers to the questions before they can use the
    > feature)
    >
    > What types of questions would work well for this application? Our
    > company has offices worldwide, and I prefer to avoid collecting
    > information that is "too personal" in nature. So while "what is your
    > favorite color?" would work well; "what is your home zip code?" and
    > "what is your bank account number?" would probably not work.
    >
    > Thanks in advance for your suggestions!
    > -Adrian
    >

    -- 
    Emmanuel Goldstein.
    Room 101, Ministry of Truth.
    W2, London. Oceania.
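
One way to enforce the "at least 5 questions, all answered correctly" rule from the reply above, as an added example that is not code from the thread. The salted PBKDF2 storage, the work factor, the normalisation rules and the question ids are assumptions.

```python
import hashlib
import hmac
import os
import unicodedata

REQUIRED_QUESTIONS = 5    # "at least 5 questions", from the reply above
PBKDF2_ROUNDS = 200_000   # assumed work factor


def normalize(answer: str) -> bytes:
    """Fold case, Unicode form and spacing: ' Vanilla ' matches 'vanilla'."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


def _digest(answer: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, PBKDF2_ROUNDS)


def enroll(answers: dict) -> dict:
    """Return {question_id: (salt, digest)}; plaintext answers are not kept."""
    if len(answers) < REQUIRED_QUESTIONS:
        raise ValueError("need at least %d answers" % REQUIRED_QUESTIONS)
    if any(not normalize(a) for a in answers.values()):
        raise ValueError("empty answer")
    record = {}
    for qid, answer in answers.items():
        salt = os.urandom(16)
        record[qid] = (salt, _digest(answer, salt))
    return record


def verify(record: dict, supplied: dict) -> bool:
    """True only if every enrolled question is answered correctly."""
    all_ok = True
    for qid, (salt, expected) in record.items():
        # Check every answer even after a miss and return one boolean,
        # so the response does not reveal which answer was wrong.
        candidate = _digest(supplied.get(qid, ""), salt)
        all_ok &= hmac.compare_digest(candidate, expected)
    return all_ok


if __name__ == "__main__":
    # Constructed sample answers keyed by hypothetical question ids.
    sample = {"beer": "Guinness", "ice_cream": "Vanilla", "hifi": "Sony",
              "sitcom": "Friends", "card_letter": "N"}
    record = enroll(sample)
    print(verify(record, sample))
    print(verify(record, {**sample, "hifi": "Denon"}))
```

A reset flow built on this would also need to limit the number of failed attempts per account, which the block does not cover.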
    
