[Informatics] Security - The stupidity of your mother's maiden name as an identity verifier

Mark mark at vceit.com
Thu Sep 29 13:25:42 AEST 2016


An alternative view...

http://cdn.ebaumsworld.com/mediaFiles/picture/566750/85150449.jpg

Regards,
Mark

On 29 September 2016 at 13:14, ken price <kenjprice at gmail.com> wrote:

> I have been through the fun of having physical identity documents stolen
> (credit cards, driving licence etc etc) in another country (by the ground
> crew of an airline company actually).
>
> The process of re-establishing identity is interesting. Luckily I had a
> passport still, but back in Oz I thought I'd see what would have happened
> if I hadn't.
>
> First thing was to get bank ID. This needed a couple of bills in my name
> sent to my physical address. I had these, but a half-intelligent crim
> could easily steal these from a letterbox.
>
> I went to a branch of my bank that I never use, presented these bills, I
> think was asked for my account number (which is in the correspondence) and
> a recent transaction (easy enough to work out if you tried hard). I readily
> got statements on my accounts. By progressively doing this you get enough
> data to get a new driving licence, though you need to know the expiry date
> etc and pay a fee. At that point you have photo ID and pretty much any
> other system accepts that.
>
> What surprised me was that I reckon a determined crim could do that on
> someone else's behalf - no online identity theft needed. Knowing mother's
> maiden name etc would be a very easy way to assist that process.
>
> ken (or maybe a person who took over his identity...)
>
>
> On Thu, Sep 29, 2016 at 12:25 PM, Mark <mark at vceit.com> wrote:
>
>> If you think about it, the security question - such as mother's maiden
>> name, the street in which you grew up, or your favourite sports team - is
>> the least secure form of online identity proof since most of the
>> information is publicly-available, and never changes (unless you
>> retroactively fire your mother).
>>
>> Many people now want security questions put to death.
>>
>> Until then, if you have to provide answers to such questions, just lie
>> your head off.
>> Henceforth, my mother is Fluffy Yum Yum, and my first cat is Nancy Thomas.
>>
>> https://www.wired.com/2016/09/time-kill-security-questions-answer-lies/
>>
>> --
>>
>> Mark Kelly
>>
>> mark at vceit.com
>> http://vceit.com
>>
>> _______________________________________________
>> http://www.edulists.com.au - FAQ, resources, subscribe, unsubscribe
>> VCE Informatics Mailing List kindly supported by
>> http://www.vcaa.vic.edu.au/vce/studies/infotech/itapplications3-4.html -
>> Victorian Curriculum and Assessment Authority <br>
>> http://www.vitta.org.au  - VITTA Victorian Information Technology
>> Teachers Association Inc <br>
>> http://www.swinburne.edu.au/ict/schools - Swinburne University
>>
>
>
>
> --
> --
> Dr Ken Price MACS(Snr) CP ACCE Professional Associate.
> Immediate Past President, TASITE http://www.tasite.tas.edu.au
>
> _______________________________________________
> http://www.edulists.com.au - FAQ, resources, subscribe, unsubscribe
> VCE Informatics Mailing List kindly supported by
> http://www.vcaa.vic.edu.au/vce/studies/infotech/itapplications3-4.html -
> Victorian Curriculum and Assessment Authority <br>
> http://www.vitta.org.au  - VITTA Victorian Information Technology
> Teachers Association Inc <br>
> http://www.swinburne.edu.au/ict/schools - Swinburne University
>



-- 

Mark Kelly

mark at vceit.com
http://vceit.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.edulists.com.au/pipermail/informatics/attachments/20160929/9352091e/attachment-0001.html 


More information about the informatics mailing list