QOTD - Avivah Litan on Cognitive Passwords

Banks and other companies who rely on knowledge based authentication – the process that asks users ’secret’ questions that only the legitimate can presumably answer – are in a quandry because fraudsters are answering those questions successfully all too many times.
[...]
It’s a very serious problem that deserves a serious solution. It will be solved but it will take time. In the meantime, service providers cannot count on the veracity and reliability of the process to indeed authenticate the ‘right’ and legitimate individual. -- Avivah Litan, VP Gartner Research
As Avivah explains, it turns out that the crooks are getting the information straight from the data aggregators by spear-phishing their employees.

Src: Avivah Litan — A Member of the Gartner Blog Network

No comments: