SQR Consulting Home Page

For all your Quality Management and Continual Improvement Initiatives and Standards
 

Weak web account ID tools undermining security

 
GaryW
Site Admin


Joined: 14 Oct 2005
Posts: 106545
Location: Adelaide, Australia

Posted: Wed Mar 10, 2010 7:49 am    Post subject: Weak web account ID tools undermining security

David Neal, V3.co.uk, Tuesday 9 March 2010 at 11:43:00

Personal questions such as 'pet's name' are unsafe, say researchers

The security mechanisms used to protect online accounts are inherently flawed, according to a new paper by researchers at Cambridge and Edinburgh universities.

Joseph Bonneau, Mike Just and Greg Matthews argue in a paper entitled What's in a name? (PDF) that security questions used to verify an account can often be beaten by simple guesswork or through some personal knowledge of the account holder.

"Despite their ubiquity, personal knowledge questions have received relatively little attention from the security community until recently," the paper said.

"User studies have demonstrated the ability of friends, family and acquaintances to guess answers correctly, while other research has found that some questions used have a tiny set of possible answers.

"Many common questions have also been shown to have answers readily available in public databases or online social networks."

The researchers looked at the type of security questions asked using data from a range of online service providers, including banks and financial institutions, as well as webmail services such as Hotmail, Gmail and Yahoo Mail.

One in three asked for a person's name, and one in five asked for a place name. The researchers said that, when faced with these questions and given three guesses, an attacker can compromise roughly one in 80 accounts.

The use of names is unwise because it is possible to identify and focus on the most common names in any given location. The name Smith is popular in the Western world, for example, while Kim is very common in Korea.

"Given names are a matter of fashion and vary in several interesting dimensions. In the countries studied, female names seem to provide slightly higher resistance to guessing than male names," said the paper.

"The diversity of forenames has been increasing slowly but steadily over the past six decades in the US. Curiously, pet names are slightly harder to guess than human names."


Source: The most recent articles from vnunet.com (Generated on Tuesday 9 March 2010 at 22:17:23)

_________________
Regards,

Gary Wilkinson
Founder & Principal Consultant
SQR Consulting