Re: [Fwd: Re: new opensource security system product launched]

[rohit () kritikalsolutions com]

How is this in any way increasing security? Lets say your algorithm
chooses random questions to be answered by the user. So in the
registration process you are going to ask him at least that many
questions. How diverse and questions, and more precisely the anwers be?
They can range from name/place/job/car etc to interests, but how much of
it is a secret unknown to your best friend? Extending it, how much of it
will be unknown if someone does a little google search on you? In case we
can get answers to most of these questions, you are going to rely on at
least something which will be a complete secret to the user and that
something can be ....  a password? so in the end you are back to square
one. Also, someone attacking gets a new set of questions each time, so he
can easily profile the kind of person as well.
Lastly, do you believe that user are going to choose complex answers to
your questions? When they cant manage a complex password, why would they
want a complex qusetion and an answer?
In any case, once even one such system is hacked, that particular user is
doomed, because every bit of information about him is now with hackers,
while only a password could have been lost in the first case.
 just my 2 cents..
Thanks
Rohit Dube
 - http://www.prasar.org - come join the cause of silicosis victims,help
them get justice -
- http://silicosis.rediffblogs.com ---