Re: Anonymous vs false IDs
From: kovar@nda.com (David Kovar)
There is a lot of effort being put into creating tools to mask identities. I'm curious why people don't go a different route - creating a false electronic identity? If you have control over your own system, it is easy enough to create an account. Lacking that, there are a lot of companies out there offering low cost accounts on Unix systems with full Internet access. Why not get an account in a different name rather than using anonymous remailers?
If you use five different identities, why waste your money paying for five accounts, especially if some of them are used only infrequently? Why have a full UNIX account (like my account on PANIX, say) for an identity that won't need to do anything but send out a couple of email messages now and then? What if you create and kill off personas relatively frequently? Having everything centralized seems like the most logical way to go--don't forget, separate accounts would mean setting up separate .profile files, copying code from one place to another all the time, keeping duplicate copies of things, etc., etc. The exception would be when you have identities or "lives" that are truly separate, with little overlap, but even then I'd prefer having full access to all my files and robots in one place all the time. If I had an Internet connection on my own box at home, sure, it might be more convenient to segregate things in separate accounts, but most people don't have that luxury yet. --Dave.
David Mandl <dmandl@lehman.com> wrote:
If you use five different identities, why waste your money paying for five accounts, especially if some of them are used only infrequently?
Why have a full UNIX account (like my account on PANIX, say) for an identity that won't need to do anything but send out a couple of email messages now and then?
Perhaps it would be better to set up a remailer where people could create a pseudonymous accounts on it. If the remailer didn't have an obvious "anon" name, most people probably wouldn't realize that it was a remailer, and might think that it was a real site with real users.
At least three places/organizations I do business with ask for this bit of info as a "security check." The idea being, I think that you mother's maiden name is something that only those intimately familiar with your family would know, and therefore is an easy, universally applicable kind of "password" to be used before handing out sensitive info. But I've always wondered just how secure this "password" is. Recalling Eric Hughes statement that "cryptography is all economics," and realizing that someone with an unlimited budget could probably scrounge that info after some effort -- just how much effort would it take? And how secure is "mom's maiden name" as a password for obtaining sensitive information over the phone?
re: cost of obtaining mother's maiden name.
And how secure is "mom's maiden name" as a password for obtaining sensitive information over the phone?
Not very. Birth records and marriage records tend to be public record. Organizations that do genealogical research tend to have this data around, although they don't always make it easy to get data on the living. On the other hand, most organizations I've dealt with that use it just use it as a password field. You can just pretend that the person on the other end of the line is asking "What is your password?" rather than the standard question. Eric
About a year ago my wife got a phone call from a stranger claiming to believe he had gone to high school with her, but he wasn't really sure. After a whole song and dance he finally said, nonchalantly, "Well, gee, what was your mother's maiden name?" Since her mother's maiden name was not, "Fuck you, asshole", I gathered from those words that she had figured out his scam. Who knows who he was. We immediatley changed all maiden-name passwords to something more obscure and less socially-engineerable. Steven ______________________________________________________ | | | HORSE HORSE LION LION, A Consulting Cooperative | | "Information into Culture" | | | | Steven Hodas/Catherine Holland, Principals | | | | hhll@u.washington.edu VOICE/FAX 206.285.5975 | |______________________________________________________| On Mon, 1 Nov 1993, Arthur Chandler wrote:
At least three places/organizations I do business with ask for this bit of info as a "security check." The idea being, I think that you mother's maiden name is something that only those intimately familiar with your family would know, and therefore is an easy, universally applicable kind of "password" to be used before handing out sensitive info. But I've always wondered just how secure this "password" is. Recalling Eric Hughes statement that "cryptography is all economics," and realizing that someone with an unlimited budget could probably scrounge that info after some effort -- just how much effort would it take? And how secure is "mom's maiden name" as a password for obtaining sensitive information over the phone?
According to Arthur Chandler:
But I've always wondered just how secure this "password" is. Recalling Eric Hughes statement that "cryptography is all economics," and realizing that someone with an unlimited budget could probably scrounge that info after some effort -- just how much effort would it take? And how secure is "mom's maiden name" as a password for obtaining sensitive information over the phone?
You mean you told them your mother's REAL maiden name? Bummer. ;^) J. Michael Diehl ;^) |*The 2nd Amendment is there in case the mdiehl@triton.unm.edu | Government forgets about the 1st! <RL> Mike.Diehl@f29.n301.z1 |*God is a good Physicist, and an even .fidonet.org | better Mathematician. <Me> al945@cwns9.ins.cwru.edu|*I'm just looking for the opportunity to (505) 299-2282 (voice) | be Politically Incorrect! <Me> Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703.
participants (6)
-
Arthur Chandler -
dmandl@lehman.com -
hughes@ah.com -
J. Michael Diehl -
Matthew J Ghio -
Steven Hodas