|
|
|
|
|
|
by reemrevnivek
5568 days ago
|
|
|
Disagree - Security questions are much easier to brute force than passwords. Assuming that you can send an answer to the database quickly and automatically, and that you can select your dictionary based on the question, most of the questions are easy. Names? http://www.census.gov/genealogy/names is a good database for the US; 1,711 names will get you the top 50% of last names for "Mother's maiden name", questions. 59 male names and 138 female names also represents 50% of the population (Yes, we're pretty unoriginal). There are <100,000 first and last names in total which cover 90% of the population. (not combinations) Birthdates? There are 365 days in a year, so 36,500 numbers will cover this one. Last N digits of your drivers' license/social security number/credit card? There are 10^N such numbers. N is often 4, which is a measly 1,000 numbers. Pretty measly stats. |
|
|