lets say like this.
lets say that that this system compliments existing systems and methods
it can either be used as single system or can also be used along with
existing methods
say
website :"give me ur user id and password"
user :" heres my user id and password"
website :"answer this question"
user :"heres the answer"
website : user is now logged in
this is the process that is a derivation of the randover principle in
user authentication
bye
arun balaji
rohit@kritikalsolutions.com wrote:
How is this in any way increasing security? Lets say your algorithm
chooses random questions to be answered by the user. So in the
registration process you are going to ask him at least that many
questions. How diverse and questions, and more precisely the anwers be?
They can range from name/place/job/car etc to interests, but how much of
it is a secret unknown to your best friend? Extending it, how much of it
will be unknown if someone does a little google search on you? In case we
can get answers to most of these questions, you are going to rely on at
least something which will be a complete secret to the user and that
something can be .... a password? so in the end you are back to square
one. Also, someone attacking gets a new set of questions each time, so he
can easily profile the kind of person as well.
Lastly, do you believe that user are going to choose complex answers to
your questions? When they cant manage a complex password, why would they
want a complex qusetion and an answer?
In any case, once even one such system is hacked, that particular user is
doomed, because every bit of information about him is now with hackers,
while only a password could have been lost in the first case.
just my 2 cents..
Thanks
Rohit Dube
- http://www.prasar.org - come join the cause of silicosis victims,help
them get justice -
- http://silicosis.rediffblogs.com ---
