Monday, October 08, 2007

Identity Protection Safeguard questions; RSA

I’ve always wonder how effective those security questions that many websites require to reissue or let users reset their own passwords. The Sunday, Oct. 7, 2007 “Style & Arts” Section M of The Washington Post has a front page story by Monica Hesse, “This Is Your Life: As Determined By Confounding Identity-Protecting Safeguards.” The article mentions Chillicothe as a home town – well, if that’s Ohio (well within “Days of our Lives” territory) it’s a station on the old Erie Canal – but it doesn’t have to be Ohio.

The article discusses a company called Verid, with is RSA Identity Verification (“Remote Security Authentication”). The company can search public records databases (although many localities have been removing these from the Internet) for other questions to really challenge the visitor for sensitive clients. The philosophy behind the design of the questions is a subject of some interest. Programmers and geeks may not be sensitive to the kind of questions that people can answer and that are the most effective screeners. This sounds like a real field for research.

No comments: