Security Questions Considered Harmful

BSidesLV 2015

Presented by: Jim Fenton
Date: Wednesday August 05, 2015
Time: 10:00 - 10:25
Location: Tuscany
Track: Passwords

Many sites require users to provide answers to "security questions," which are typically used as part of the account recovery process. This talk will explore the nature of these questions and answers, and present problems associated with this practice.

Jim Fenton

Jim is a consultant and researcher with a focus on user-centric identity and Internet privacy and security issues, currently supporting the NIST Information Technology Lab. Previously, Jim was CSO at OneID and a Distinguished Engineer at Cisco. He was an author of RFC 4871 (DomainKeys Identified Mail, DKIM), RFC 4686 (DKIM threat analysis), and RFC 5617 (DKIM Author Domain Signing Practices).

