Comments on: It’s all fun and games until someone brings up FiFi http://blog.privcom.gc.ca/index.php/2009/05/12/it%e2%80%99s-all-fun-and-games-until-someone-brings-up-fifi/ Thu, 26 Aug 2010 15:45:28 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Colin McKay http://blog.privcom.gc.ca/index.php/2009/05/12/it%e2%80%99s-all-fun-and-games-until-someone-brings-up-fifi/comment-page-1/#comment-3086 Colin McKay Wed, 20 May 2009 20:12:31 +0000 http://blog.privcom.gc.ca/?p=330#comment-3086 First of all, I'd like to thank Alice Cooper for dropping by. It's nice to see that we're connecting with the old school rockers. :-) I agree that there's a lot more to say about this. I also have to point out that my bank asks for my mother's maiden name as an identity check when I call the online service centre. First of all, I’d like to thank Alice Cooper for dropping by. It’s nice to see that we’re connecting with the old school rockers. :-)

I agree that there’s a lot more to say about this. I also have to point out that my bank asks for my mother’s maiden name as an identity check when I call the online service centre.

]]> By: Alice Cooper http://blog.privcom.gc.ca/index.php/2009/05/12/it%e2%80%99s-all-fun-and-games-until-someone-brings-up-fifi/comment-page-1/#comment-3085 Alice Cooper Wed, 20 May 2009 20:07:59 +0000 http://blog.privcom.gc.ca/?p=330#comment-3085 Nice post, and good advice - but I think it should go further. For one, middle names, and related family names can be picked out from numerous databases (many from the gov't itself). You don't need twitter to get this information, so perhaps the target of your article could have been web sites with terrible security, such as those described (banks, etc using middle names as passwords...). At the same time, I've never used a bank or website that asked such trivial information for a secret question... Nice post, and good advice – but I think it should go further. For one, middle names, and related family names can be picked out from numerous databases (many from the gov’t itself). You don’t need twitter to get this information, so perhaps the target of your article could have been web sites with terrible security, such as those described (banks, etc using middle names as passwords…).

At the same time, I’ve never used a bank or website that asked such trivial information for a secret question…

]]> By: Colin McKay http://blog.privcom.gc.ca/index.php/2009/05/12/it%e2%80%99s-all-fun-and-games-until-someone-brings-up-fifi/comment-page-1/#comment-3053 Colin McKay Tue, 19 May 2009 12:51:09 +0000 http://blog.privcom.gc.ca/?p=330#comment-3053 Thanks, Mike. That's an important point. I guess the point of the post was to emphasize to people that they should safeguard their information more carefully, even if the existing security measures could be improved. We'll certainly talk about security measures in the future. Thanks, Mike. That’s an important point. I guess the point of the post was to emphasize to people that they should safeguard their information more carefully, even if the existing security measures could be improved. We’ll certainly talk about security measures in the future.

]]> By: Mike Pelletier http://blog.privcom.gc.ca/index.php/2009/05/12/it%e2%80%99s-all-fun-and-games-until-someone-brings-up-fifi/comment-page-1/#comment-3052 Mike Pelletier Tue, 19 May 2009 12:39:25 +0000 http://blog.privcom.gc.ca/?p=330#comment-3052 I wonder if this post would have been better spent explaining what is wrong with using information like this for security and identification purposes. Anyone involved with security thinks these "maiden name" questions are used to provide the user with a feeling of security, not to actually make anything more secure. There are genuine "two factor" authentication methods, methods that use a password and something else, but these questions do not represent a second factor, they are just a second password. Passwords that we are encouraged to make as guessable as possible and never change. It's absurd when you think about it. I wonder if this post would have been better spent explaining what is wrong with using information like this for security and identification purposes.

Anyone involved with security thinks these “maiden name” questions are used to provide the user with a feeling of security, not to actually make anything more secure. There are genuine “two factor” authentication methods, methods that use a password and something else, but these questions do not represent a second factor, they are just a second password. Passwords that we are encouraged to make as guessable as possible and never change. It’s absurd when you think about it.

]]> By: Garth http://blog.privcom.gc.ca/index.php/2009/05/12/it%e2%80%99s-all-fun-and-games-until-someone-brings-up-fifi/comment-page-1/#comment-3041 Garth Sun, 17 May 2009 14:58:30 +0000 http://blog.privcom.gc.ca/?p=330#comment-3041 What a great blog! Kudos for communicating with Canadians this way. I've tweeted this particular post @SocialMediaMash What a great blog! Kudos for communicating with Canadians this way. I’ve tweeted this particular post @SocialMediaMash

]]>