Wednesday, February 4, 2009

A Low Moment in the History of Self-Reference

Note that the Security Question section of my profile on the acm.org web site will not let you enter "What is my Security Question?" as your Security Question in conjunction with an answer of "What is my Security Question?" presumably because user names and passwords should not be identical. I gently question the validity of that presumption, since this isn't supposed to be a username and password.

Your Security Question/Answer are at risk from (in highest-to-lowest order of my estimation of probability):
  • Using Q/A pairs that are answerable via the public domain, e.g. What is your mother's maiden name? My Goofy Q/A is in this sense more secure than many more common formulations (at least it was until I published this vignette on the Internet under my name, etc., unless of course this whole post is part of an elaborate honey pot trap, including my exposure of the existence of said elaborate honey pot);
  • Technical attacks against the client and server to recover/intercept the same information. My Goofy Q/A is as secure as any other Q/A in this regard;
  • Brute forcing of Q and A, whether bit by bit or variants like word by word. Haven't tested whether sites like acm.org protect against this. There is presumably some set of Q/A questions - let's call them Armoured Goofy - that is more resistant to brute forcing than My Goofy Q/A, e.g. "What is the absolutely longest, highest entropy, m0st ^b!i^z(a_r(r@e #$@#$#@ Security Question ... I can construct?" followed by "longest possible combination of a highest entropy bizarreness I can construct as an answer". But I'm not going there.
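As an added illustration of the brute-forcing point (not code from the post or from acm.org), here is a small Python verifier for a security answer that stores only a salted hash, compares in constant time, and locks the answer after a fixed number of wrong guesses; it also mirrors the site's refusal of a question identical to its answer. The word list, the lockout threshold and the class name are constructed assumptions.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5          # assumed lockout threshold, not a real acm.org setting
PBKDF2_ROUNDS = 100_000   # slows offline guessing if the hash store leaks


def normalize(text: str) -> str:
    """Case-fold and collapse whitespace so 'Smith ' and 'smith' compare equal."""
    return " ".join(text.casefold().split())


class SecurityAnswerStore:
    """Holds one question plus a salted hash of its answer and throttles guesses."""

    def __init__(self, question: str, answer: str, max_attempts: int = MAX_ATTEMPTS):
        if normalize(question) == normalize(answer):
            # The rule the post observed on acm.org: question and answer must differ.
            raise ValueError("question and answer must differ")
        self.question = question
        self.salt = os.urandom(16)
        self.digest = self._hash(answer)
        self.max_attempts = max_attempts
        self.failures = 0

    def _hash(self, answer: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), self.salt, PBKDF2_ROUNDS)

    def verify(self, guess: str) -> str:
        """Returns 'ok', 'wrong' or 'locked'; once locked, even the right answer is refused."""
        if self.failures >= self.max_attempts:
            return "locked"
        if hmac.compare_digest(self._hash(guess), self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "locked" if self.failures >= self.max_attempts else "wrong"


# Constructed word list standing in for a word-by-word guessing run.
CONSTRUCTED_WORDLIST = ["smith", "jones", "fido", "rex", "main street", "spot", "buddy", "blue"]


def guesses_until_lockout(store: SecurityAnswerStore, wordlist) -> tuple:
    """Feeds the list to verify(); returns (guesses made, whether the answer was found)."""
    for count, word in enumerate(wordlist, 1):
        result = store.verify(word)
        if result == "ok":
            return count, True
        if result == "locked":
            return count, False
    return len(wordlist), False
```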
If you'd like to steal my credit card - don't you already have that? I humbly submit that you need to work on your tradecraft if you're sniffing around the ACM for it. If - on the other hand - you'd like to steal my ACM account so that you can intercept my JACM subscription, send fake email in my name via me@acm.org, and stand in my stead to accept the Turing Award(s?) that will no doubt be one day accruing to me, to indeed bask in the magenta glow that hums in the foreground of my daily lot in life, I for one admire your dedication to the respective fields of computation, identity theft and Mike, as may be the case, and will not stand too resolutely in your way, making only handwaving attempts at defense for the sake of propriety. Not being able to make myself chuckle at 3 am - on the other hand - is a risk I'm not willing to accept.