[Informatics] Security - The stupidity of your mother's maiden name as an identity verifier

Thu Sep 29 13:14:15 AEST 2016

I have been through the fun of having physical identity documents stolen
(credit cards, driving licence etc etc) in another country (by the ground
crew of an airline company actually).

The process of re-establishing identity is interesting. Luckily I had a
passport still, but back in Oz I thought I'd see what would have happened
if I hadn't.

First thing was to get bank ID. This needed a couple of bills in my name
sent to my physical address. I had these, but a half-intelligent crim
could easily steal these from a letterbox.

I went to a branch of my bank that I never use, presented these bills, I
think was asked for my account number (which is in the correspondence) and
a recent transaction (easy enough to work out if you tried hard). I readily
got statements on my accounts. By progressively doing this you get enough
data to get a new driving licence, though you need to know the expiry date
etc and pay a fee. At that point you have photo ID and pretty much any
other system accepts that.

What surprised me was that I reckon a determined crim could do that on
someone else's behalf - no online identity theft needed. Knowing mother's
maiden name etc would be a very easy way to assist that process.

ken (or maybe a person who took over his identity...)

On Thu, Sep 29, 2016 at 12:25 PM, Mark <mark at vceit.com> wrote:

> If you think about it, the security question - such as mother's maiden
> name, the street in which you grew up, or your favourite sports team - is
> the least secure form of online identity proof since most of the
> information is publicly-available, and never changes (unless you
> retroactively fire your mother).
>
> Many people now want security questions put to death.
>
> Until then, if you have to provide answers to such questions, just lie
> your head off.
> Henceforth, my mother is Fluffy Yum Yum, and my first cat is Nancy Thomas.
>
> https://www.wired.com/2016/09/time-kill-security-questions-answer-lies/
>
> --
>
> Mark Kelly
>
> mark at vceit.com
> http://vceit.com
>
> _______________________________________________
> http://www.edulists.com.au - FAQ, resources, subscribe, unsubscribe
> VCE Informatics Mailing List kindly supported by
> http://www.vcaa.vic.edu.au/vce/studies/infotech/itapplications3-4.html -
> Victorian Curriculum and Assessment Authority <br>
> http://www.vitta.org.au  - VITTA Victorian Information Technology
> Teachers Association Inc <br>
> http://www.swinburne.edu.au/ict/schools - Swinburne University
>

-- 
-- 
Dr Ken Price MACS(Snr) CP ACCE Professional Associate.
Immediate Past President, TASITE http://www.tasite.tas.edu.au
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.edulists.com.au/pipermail/informatics/attachments/20160929/45d2cae0/attachment.html 