Your mother's maiden name

Steven Hodas hhll at u.washington.edu
Mon Nov 1 18:33:50 PST 1993



About a year ago my wife got a phone call from a stranger claiming to believe
he had gone to high school with her, but he wasn't really sure.  After
a whole song and dance he finally said, nonchalantly, "Well, gee, what was 
your mother's maiden name?"

Since her mother's maiden name was not, "Fuck you, asshole", I gathered 
from those words that she had figured out his scam. 

Who knows who he was. We immediatley changed all maiden-name passwords to
something more obscure and less socially-engineerable.
 

Steven

    ______________________________________________________
   |                                                      |
   |    HORSE HORSE LION LION, A Consulting Cooperative   | 
   |              "Information into Culture"              | 
   |                                                      | 
   |      Steven Hodas/Catherine Holland, Principals      |
   |                                                      | 
   |    hhll at u.washington.edu   VOICE/FAX 206.285.5975    |
   |______________________________________________________|


On Mon, 1 Nov 1993, Arthur Chandler wrote:

> 
>  At least three places/organizations I do business with ask for this bit 
> of info as a "security check." The idea being, I think that you mother's 
> maiden name is something that only those intimately familiar with your 
> family would know, and therefore is an easy, universally applicable kind 
> of "password" to be used before handing out sensitive info.
>  But I've always wondered just how secure this "password" is. Recalling 
> Eric Hughes statement that "cryptography is all economics," and 
> realizing that someone with an unlimited budget could probably scrounge 
> that info after some effort -- just how much effort would it take? And 
> how secure is "mom's maiden name" as a password for obtaining sensitive 
> information over the phone?
> 
> 







More information about the cypherpunks-legacy mailing list