Fourth-factor authentication: somebody you know
Proceedings of the 13th ACM conference on Computer and communications security
International Journal of Applied Cryptography
Personal knowledge questions for fallback authentication: security questions in the era of Facebook
Proceedings of the 4th symposium on Usable privacy and security
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Secure construction of k-unlinkable patient records from distributed providers
Artificial Intelligence in Medicine
What instills trust? a qualitative study of phishing
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Abusing social networks for automated user profiling
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Attitudes toward online availability of US public records
Proceedings of the 12th Annual International Digital Government Research Conference: Digital Government Innovation in Challenging Times
Sherlock holmes' evil twin: on the impact of global inference for online privacy
Proceedings of the 2011 workshop on New security paradigms workshop
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
The effects of location access behavior on re-identification risk in a distributed environment
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
Sunlight or sunburn: a survey of attitudes toward online availability of US public records
Information Polity - Special issue on Open Government and Public Participation: Issues and Challenges in Creating Public Value
Hi-index | 0.00 |
We have developed techniques to automatically infer mother's maiden names from public records. We demonstrate our techniques using publicly available records from the state of Texas, and reduce the entropy of a mother's maiden name from an average of close to 13 bits down to below 6.9 bits for more than a quarter of the people targeted, and down to a zero entropy (i.e., certainty of their mothers maiden name) for a large number of targeted individuals. This poses a significant risk not only to individuals whose mothers maiden name can easily be guessed, but highlights the vulnerability of the system as such, given the traditional reliance of authentication by mother maiden names for financial services. While our techniques and approach are novel, it is important to note that these techniques – once understood – do not require any insider information or particular skills to implement. This emphasizes the need to move away from mothers maiden names as an authenticator. Using the techniques described, during testing we were able to deduce the mother's maiden name for approximately 4,105,111 Texans.