Many sites require users to provide answers to "security questions," which are typically used as part of the account recovery process. This talk will explore the nature of these questions and answers, and present problems associated with this practice.
Jim is a consultant and researcher with a focus on user-centric identity and Internet privacy and security issues, currently supporting the NIST Information Technology Lab. Previously, Jim was CSO at OneID and a Distinguished Engineer at Cisco. He was an author of RFC 4871 (DomainKeys Identified Mail, DKIM), RFC 4686 (DKIM threat analysis), and RFC 5617 (DKIM Author Domain Signing Practices).