[quote]Who’s there?
Nay, answer me. Stand and unfold yourself.
Long live the King.[/quote]
The business of challenge-response authentication used to be easier. They had swords; we have cryptography. Who’s better off?
We have passwords, which must never be simple enough to remember and must not be written down on a slip of paper in our desk drawer. So we forget them and call tech support.
But they don’t want us to call tech support (expensive) so they give us a back door: a “security question.” If we can just tell them our mother’s maiden name …
But anyone can find out our mother’s maiden name, so the security questions are getting tougher. And now we arrive at the problem. They are too tough for me.
What was the name of your first pet?
Do you mean my first serious pet, a beagle called Gibbs? Or the lizard I sometimes called Chameley (spelling unknown)?
According to official government guidelines for authentication by federal financial institutions, this is an example of “shared secret” authentication. “Shared secrets (something a person knows) are information elements that are known or shared by both the customer and the authenticating entity.” Here are a few more from the current list used by the Department of the Treasury:
You were born in what city?
Google it. Some secret.
What was the first car you owned?
Admittedly you can’t Google this one. Also I don’t remember.
Who would you most like to meet?
Seriously? Living or dead? I could come up with someone, but it won’t be the same tomorrow.
What is your favorite movie?
What is the location of your dream vacation?
These are “information elements,” all right. But knowledge is not fixed. Information elements can be ghostly and ephemeral. Some have half-lives measured in minutes or milliseconds. Like quantum states, they are subject to observer effects and the uncertainty principle.
There is a website called goodsecurityquestions.com. But that is bravado. There are no good security questions.
# # #
(Meanwhile, I seem to be losing my ability to make out the captchas. Is it just me?)
I love reading your snippets of wisdom, but there is one good question, and it says far more about me I’m sure than your lucidly crafted apostrophe:
What is your bra size?
(Only maternity issues and acute weight change affect the vital answer. Although it can change depending on brand/fit: so a more apt question is, What is your bra size in either (a) your best support bra or (b) your sports bra and (c) your party bra?)
Disclaimer, in sense that bras purchased online could leave a hackable digitrail of evidence.
At risk of offending, there is one aspect of the human male which remains constant at specified times of varying activity. Unless interfered with by surgery or chemistry, I don’t see a change in this answer to what is a very secret question.
Or how about “What’s your favourite password”? That might provoke old favourites like “open sesame” or “its little red riding hood” and with a bit of extension, “abracadabra” or “shazam”, but it would probably just end up with a mundane “password”.
What’s really unfair about passwords is that they ask you to identify some unique singularity that you unfailingly remember but other people either do not know or forget – and then they ask you to change it. The point of a mnemonic is….?
Great reading… I still have nightmares about forgetting the combination to my high school locker!
“To dream that you cannot open a locker or that you forgot the combination, suggests that you are unsure of where you stand in a particular situation. You feel you have lost some aspect of yourself. In other words, you are on shaky ground. If you cannot find your locker, then it symbolizes your insecurities about your role or position in a situation.”
Ah, my nightmare involved forgetting the combination of my P.O. Box in boarding school and then later in college. This recurring nightmare went on for years past graduation. Haven’t had it in years, but my luck it will now be reconjured. Come to think of it the combination futility also transferred to the gymnasium. Yoiks.
Could it be that captchas are getting more difficult to decipher because the bots they protect against are getting smarter? Is it an arms-race?
My mother’s maiden name - now that’s helpful - it’s Smith.
A friend who was a spy always preferred his father’s profession - he was a fifth-generation plumber.
We may be forgetting that, even though security questions verge on the personal, it’s just a manipulation of the human mind. After all, we’re only asked them when we click “Forgot Your Password?” Forgetting being a uniquely human experience, the computer at the other end needs no reminder of our password. Security questions are a trade; we supply information our brain won’t forget (family details, personal secrets) for information it couldn’t help but forget (an 8-character password containing one capital letter, one lower-case letter, one number, and one punctuation symbol).
I put The Information down long enough to write you. Vis a vis your section on coined words. My friend coined a word that deserves adoptation: infracanophile. I leave it to your Greek, Latin or whatever to define the word. Maybe you can get it into the OED. Please don’t stop writing.
I do write down my passwords and other sensitive information but I keep tight control over that repository. However, since I do that I can make better use of these ‘forgot your password’ questions: I give them wrong answers.
What was your first car? Topeka.
Where were you born? Blue.
Google that all you want, you’ll never find the answers and all I have to do is open up my magic book to find the information. I’m about to take this to version 2.0 by consistently using the same wrong answer for the same question so I will have a hope of remembering it. I just hope I don’t forget and use my wrong answer for a legitimate request, like my driver’s license application.
Now, where did I leave my magic book?
Love “Information”. I’m about halfway through it.