Subscribe to
Computerworld Sites' personal questions may pose security risk
Active Comments
March 27, 2008 (PC World) What did your maternal grandfather do for a living? What was your high school mascot's name? Your first pet's name?
If you have an online account at a retailer like Amazon.com, you've probably run into such questions when opening an account or when trying to recover one of the dozens of passwords you juggle in your head. Online businesses everywhere have embraced the technique, which is called knowledge-based authentication.Theoretically, the answers to these questions are so personal and obscure that knowing them proves you are you. Experts say, however, that the technology could end up helping hackers compromise your online accounts more easily.
Knowledge-based authentication doesn't replace user names and passwords; it's an extra layer of security on top of such schemes, since hackers who stumble across your log-in credentials won't easily figure out the name of your high-school sweetheart. Collecting log-in information and answers to secret questions from your computer requires keylogging software, making it harder for malicious hackers to triumph.
Phishers Get Close to Home
Jon Fisher, whose firm, Bharosa (acquired by Oracle last year), develops questions for companies to use, says knowledge-based authentication adds a step for account access. "Phishing both those pieces of information is fairly sophisticated," he says.
But scammers have adapted, adding secret questions to their decoy pages, says Lance James, CTO at fraud research company Secure Science. Bank phishing sites may include their own fraudulent drop-down lists that capture people's answers, which bad guys can then use to hack real accounts.
Even when hackers don't resort to subterfuge, these nuggets of information can be easier targets than passwords. Author and Windows security expert Mark Burnett has observed that seemingly random questions such as "What was the make of your first car?" have a narrow list of answers -- in the case of autos, 38 major makers -- that hackers can use to try to break into an account, versus a vast multitude of password combinations.
Reprinted with permission from
For more PC news, visit PCWorld.com.Story copyright 2008 PC World Communications. All rights reserved.
Today's Top Stories
Resource Alerts
Webcasts
The Impact of Social Networks on Mobility Strategies
| XenServer FREE trial Citrix XenServer is the simplest and most effective way to virtualize and provision servers. XenServer combines comprehensive server virtualization capabilities with unparalleled scalability, performance, economics, and ease-of-use. Based on the open source Xen hypervisor, XenServer delivers fast performance, easy management, and advanced features such as live migration. |
Who needs Mrs. Doubtfire? When it comes to spot-on "advice," we've got Aunt Donna.
|
Accelerate your pursuit of perfection For almost 80 years, Kodak has been helping banks, insurance companies, healthcare providers, government agencies and other businesses produce billions of document images. So Kodak is uniquely positioned to know and deliver–what customers want: easy-to-use scanners that output the best possible image quality. Download this white paper now! 
|
 Networking Know-HowFor tips and best practices on building anything in the network, see Sandra Gittlen's regular column. Click here to read the latest column by Sandra Gittlen |
| White Papers  Read up on the latest ideas and technologies from companies that sell hardware, software and services. | ||||||
|
