WebApp Sec mailing list archives
Re: [Fwd: Re: new opensource security system product launched]
From: "David Wall @ Yozons, Inc." <dwall () yozons com>
Date: Thu, 7 Oct 2004 20:01:36 -0700
I think I understood your algorithm. What I pointed out was that it is probably no better than just password protection in real world. What is the real value addition of this method of yours in a real world application?
And in addition, what's the real novelty here? Asking people questions based on stored information about them is not new. This includes the use of biometrics, passwords, credit history, so-called "in wallet" questions (like SSN, driver's license, address), multiple choice questions, user-defined Q&A, etc. If you simply ask questions about data stored about the user, there's nothing novel, and as others have pointed out, you even leak some information to those who attempt to hack it, and you may also provide access to an account because someone knows the person, but doesn't know the password (such as a spouse, sibling, friend, co-worker, person in your HR department, managers, etc.). David
Current thread:
- [Fwd: Re: new opensource security system product launched] arun balaji (Oct 05)
- Re: [Fwd: Re: new opensource security system product launched] rohit (Oct 06)
- Re: [Fwd: Re: new opensource security system product launched] arun balaji (Oct 07)
- Re: [Fwd: Re: new opensource security system product launched] rohit (Oct 07)
- Re: [Fwd: Re: new opensource security system product launched] arun balaji (Oct 07)
- Re: [Fwd: Re: new opensource security system product launched] exon (Oct 09)
- Re: [Fwd: Re: new opensource security system product launched] Paul Johnston (Oct 15)
- Re: [Fwd: Re: new opensource security system product launched] David Wall @ Yozons, Inc. (Oct 09)
- Re: [Fwd: Re: new opensource security system product launched] Matt Fisher (Oct 09)
- Re: [Fwd: Re: new opensource security system product launched] arun balaji (Oct 07)
- Re: [Fwd: Re: new opensource security system product launched] rohit (Oct 06)
- <Possible follow-ups>
- Re: [Fwd: Re: new opensource security system product launched] Simon (Oct 12)
- RE: [Fwd: Re: new opensource security system product launched] Michael Silk (Oct 12)
- RE: [Fwd: Re: new opensource security system product launched] Michael Shirk (Oct 14)