Tuesday, May 19, 2009

Not-so-secret Recovery

Over the years I've discussed the topic of breaking Web application/portal passwords many times and, as I've constantly said, the easiest way to hack a user's account is typically through the "password recovery" facilities.

On that topic, there's a new research paper that puts some figures on how successful the technique is. The paper goes by the title "It's no secret" and quantifies the reliability of 'secret' questions as a back-door to authentication systems.

I'd recommend a read of the new paper when you get a chance - and probably combine it with some of the following reading as well...
Passwords Revisited
Challenging Challenge Questions
Choosing Better Challenge Questions

