resource center
  See your link here
|
PC World - What did your maternal grandfather do for a living? What was your high school mascot's name? Your first pet's name?
If you have an online account at a retailer like Amazon.com, you've probably run into such questions when opening an account or when trying to recover one of the dozens of passwords you juggle in your head. Online businesses everywhere have embraced the technique, which is called knowledge-based authentication.Theoretically, the answers to these questions are so personal and obscure that knowing them proves you are you. Experts say, however, that the technology could end up helping hackers compromise your online accounts more easily.
Knowledge-based authentication doesn't replace user names and passwords; it's an extra layer of security on top of such schemes, since hackers who stumble across your log-in credentials won't easily figure out the name of your high-school sweetheart. Collecting log-in information and answers to secret questions from your computer requires keylogging software, making it harder for malicious hackers to triumph.
Jon Fisher, whose firm, Bharosa (acquired by Oracle last year), develops questions for companies to use, says knowledge-based authentication adds a step for account access. "Phishing both those pieces of information is fairly sophisticated," he says.
But scammers have adapted, adding secret questions to their decoy pages, says Lance James, CTO at fraud research company Secure Science. Bank phishing sites may include their own fraudulent drop-down lists that capture people's answers, which bad guys can then use to hack real accounts.
Even when hackers don't resort to subterfuge, these nuggets of information can be easier targets than passwords. Author and Windows security expert Mark Burnett has observed that seemingly random questions such as "What was the make of your first car?" have a narrow list of answers -- in the case of autos, 38 major makers -- that hackers can use to try to break into an account, versus a vast multitude of password combinations.
For more PC news, visit PCWorld.com.
Enterprise 2.0 Applications - Block or Not?
Learn what your organization should do to control Enterprise 2.0 Applications.
Data in Action: Making the Planet Smarter
Register Now
Product Overview Brochure
Learn how to deliver secure data and applications wherever and whenever they're needed.
How to Secure and Accelerate Your Oracle Applications
Learn about the escalating application performance and security challenges facing corporations, today!
The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.
Enterprise Application Delivery: No User Left Behind
Gain the ability to deliver applications to all users, using any device, across any network.
Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!
Accelerate SSL Encrypted Applications
Gain complete visibility into SSL application sessions, making it easy to apply appropriate acceleration and security controls to all SSL traffic.
Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.
Sign up to receive updates on the latest Networking and Internet resources
Disaster Recovery & Cost Savings Zone
Thousands of customers world-wide have turned to virtualization solutions from Riverbed as a way to reduce costs.
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2010 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
