Educause Security Discussion mailing list archives
Re: Password hints
From: Brian Kaye <bdk () UNB CA>
Date: Sun, 14 Dec 2008 18:25:43 -0400
On Mon, 15 Dec 2008, Russell Fulton wrote:
Date: Mon, 15 Dec 2008 07:54:55 +1300 From: Russell Fulton <r.fulton () AUCKLAND AC NZ> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Password hints On 13/12/2008, at 12:57 PM, Brian Kaye wrote:Why not allow them to create their own challenge question with some appropriate scan of the question and answer?the later is the difficult bit. How do you stop people including the password in the question? Russell
A comparision of the text at the time the question is set would eliminate the clear text answers. You might do any of a bunch of matches to invalidate a question. Any answer that is encoded in the question by some alorithm only the owner knows might suffice. Certainly better than the maiden name/ fovorite colour questions. .....Brian
Current thread:
- Password hints Stewart, Ian (Dec 12)
- <Possible follow-ups>
- Re: Password hints Jason C. Belford (Dec 12)
- Re: Password hints Neil Matatall (Dec 12)
- Re: Password hints Strzelec, Wally (Dec 12)
- Re: Password hints Brian Kaye (Dec 12)
- Re: Password hints Zach Jansen (Dec 12)
- Re: Password hints Russell Fulton (Dec 14)
- Re: Password hints Wayne Samardzich (Dec 14)
- Re: Password hints Brian Kaye (Dec 14)
- Re: Password hints Roger Safian (Dec 15)
- Re: Password hints Gary Flynn (Dec 15)
- Re: Password hints Cal Frye (Dec 15)
- Re: Password hints Adam Schumacher (Dec 15)
- Re: Password hints Darren Schell (Dec 15)