Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.security.misc > #1329

Re: random passwords

From Jean-David Beyer <jeandavid8@verizon.net>
Newsgroups alt.os.linux, comp.os.linux.misc, comp.security.misc
Subject Re: random passwords
Date 2018-08-26 01:19 -0400
Organization NewsGuy - Unlimited Usenet $23.95
Message-ID <pltd860127t@news3.newsguy.com> (permalink)
References (7 earlier) <87lg8uqv9x.fsf@hpz420.dhh.gt.org> <pls3bu$p7f$3@dont-email.me> <87bm9qqpj0.fsf@hpz420.dhh.gt.org> <plse3k$2ne$1@dont-email.me> <GK2dnWxgcoDYjR_GnZ2dnUU7-XnNnZ2d@giganews.com>

Cross-posted to 3 groups.

Show all headers | View raw

On 08/25/2018 10:28 PM, Robert Heller wrote:
> At Sat, 25 Aug 2018 20:27:32 -0000 (UTC) Rich <rich@example.invalid> wrote:
>                                                                      
> 
> One other bit of idiocy is the "Security Question" nonsense favored by banks.  
> Rather then have the customer make up the Security Question(s), the on-line 
> banking software has a fixed hardwired set, most of which have answers that 
> can be easily determined from public information (assuming the customer 
> records "honest" answers).  Stuff like "Who was your best man at your 
> wedding?" Do people make wedding guests sign NDAs? -- I think not -- an 
> attacker can do some social engineering and/or public records searches and 
> have a short list of answers for each of the stock Security Questions for the 
> target customer.
> 
> If the *customer* made up the Security Question(s), they can be any random 
> thing.  And if the "Security Question(s)" were in fact nonsense, with nonsense 
> answers, that layer of security would have very high entropy.
> 
What bugs me with those is that often none of the  offered questions
have answers because they do not apply to me.

Stuff like "Who was your best man at your wedding?" when I was never
married. "What is the name of your favorite pet?" when I never had a
pet. "What was the address of the first house you lived in?" when I do
not have the slightest idea. "What is your favorite football team?" when
I have no interest in sports and do not even know the names of any
football teams.

-- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key:166D840A 0C610C8B Registered Machine  1935521.
 /( )\ Shrewsbury, New Jersey    http://linuxcounter.net
 ^^-^^ 01:10:01 up 10 days, 17:28, 2 users, load average: 4.52, 4.78, 4.80

Back to comp.security.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 14:05 +0000
  Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-23 09:47 -0500
    Re: random passwords Wouter Verhelst <w@uter.be> - 2018-08-24 10:16 +0200
      Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:46 +0100
        Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-24 09:19 -0400
        Re: random passwords Daniel60 <daniel47@eternal-september.org> - 2018-08-25 21:57 +1000
          Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-25 13:32 +0100
  Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-08-23 15:50 +0100
    Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 16:40 +0000
      Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:12 +0000
      Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-08-23 18:49 +0100
        Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-09-01 13:45 +0000
          Re: random passwords Rich <rich@example.invalid> - 2018-09-01 15:02 +0000
          Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-09-01 16:54 +0000
          Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-09-04 07:37 +0100
  Re: random passwords Rich <rich@example.invalid> - 2018-08-23 15:12 +0000
    Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-23 12:49 -0400
      Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:18 +0000
        Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:27 +0000
          Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:44 +0000
    Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:38 -0600
      Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:47 -0600
        Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-24 02:20 +0000
        Re: random passwords Jasen Betts <jasen@xnet.co.nz> - 2018-08-24 05:10 +0000
      Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 02:32 +0100
        Re: random passwords Rich <rich@example.invalid> - 2018-08-24 01:56 +0000
          Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:37 +0100
        Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 20:13 -0600
          Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:42 +0100
            Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-24 11:55 +0100
              Re: random passwords Paul <nospam@needed.invalid> - 2018-08-24 08:37 -0400
                Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-24 13:51 +0100
                Re: random passwords Paul <nospam@needed.invalid> - 2018-08-24 12:41 -0400
            Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-25 02:03 +0000
              Re: random passwords Java Jive <java@evij.com.invalid> - 2018-08-25 11:32 +0100
              Re: random passwords Paul <nospam@needed.invalid> - 2018-08-25 07:49 -0400
                Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-27 23:12 +0000
                Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-27 23:40 +0000
                Re: random passwords Paul <nospam@needed.invalid> - 2018-08-27 20:10 -0400
                Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-28 00:17 +0000
                Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-27 20:52 -0400
                Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-27 22:31 -0500
                Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-28 10:23 +0100
                Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-28 14:45 +0000
                Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-28 23:00 +0000
                Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 01:22 +0000
                Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-29 07:21 +0000
                Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 11:37 +0100
                Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 12:25 +0000
                Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 19:35 +0100
                Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-29 17:46 -0500
                Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-30 06:53 +0100
                Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-30 07:48 -0500
                Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-30 19:07 +0100
                Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-31 00:36 +0000
                Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-31 03:10 +0100
                Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-31 12:26 +0100
                Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 23:36 +0000
                Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 11:35 +0100
                Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-29 23:45 +0000
      Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-24 18:07 +0000
        Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-24 20:27 +0000
    Re: random passwords Bud Frede <frede@mouse-potato.com> - 2018-09-03 07:23 -0400
  Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 16:57 +0000
    Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:07 +0000
  Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:02 +0000
    Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 17:25 +0000
      Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:32 +0000
      Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:46 +0000
        Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 18:07 +0000
        Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:51 -0600
    Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-08-24 02:35 +0000
  Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-25 11:13 -0500
    Re: random passwords Rich <rich@example.invalid> - 2018-08-25 17:24 +0000
      Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-25 13:17 -0500
        Re: random passwords Rich <rich@example.invalid> - 2018-08-25 20:27 +0000
          Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-25 21:28 -0500
            Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-26 01:19 -0400
              Re: random passwords Rich <rich@example.invalid> - 2018-08-26 13:43 +0000
                Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-26 14:15 +0000
                Re: random passwords Rich <rich@example.invalid> - 2018-08-26 15:18 +0000
                Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 09:30 -0500
              Re: random passwords Michael Black <mblack@pubnix.net> - 2018-08-26 11:44 -0400
                Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-26 16:40 -0500
                Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 21:11 -0500
                Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-08-28 13:29 +0000
                Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-28 14:32 +0100
                Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 07:17 +0100
                Re: random passwords Melzzzzz <Melzzzzz@zzzzz.com> - 2018-08-27 06:21 +0000
                Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 08:15 +0100
                Re: random passwords Roger Blake <rogblake@iname.invalid> - 2018-08-27 22:44 +0000
              Re: random passwords azigni <azigni@yahoo.com> - 2018-08-26 12:55 -0600
                Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 16:09 -0500
                Re: random passwords Rich <rich@example.invalid> - 2018-08-26 21:32 +0000
                Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 21:11 -0500
                Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 07:19 +0100
            Re: random passwords Doug McIntyre <merlyn@dork.geeks.org> - 2018-08-26 00:41 -0500
              Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 06:48 -0500

csiph-web