Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Password hints
From: Brian Kaye <bdk () UNB CA>
Date: Sun, 14 Dec 2008 18:25:43 -0400

On Mon, 15 Dec 2008, Russell Fulton wrote:

Date: Mon, 15 Dec 2008 07:54:55 +1300
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Reply-To: The EDUCAUSE Security Constituent Group Listserv
Subject: Re: [SECURITY] Password hints

On 13/12/2008, at 12:57 PM, Brian Kaye wrote:

Why not allow them to create their own challenge question with some
appropriate scan of the question and answer?

the later is the difficult bit.   How do you stop people including the
password in the question?


A comparision of the text at the time the question is set would eliminate
the clear text answers. You might do any of a bunch of matches to
invalidate a question. Any answer that is encoded in the question by some
alorithm only the owner knows might suffice. Certainly better than the
maiden name/ fovorite colour questions.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]