The (not so) Hidden Costs of Password Resets

Off the beaten map-path, says Umibot, but this one resonated big time. How much wasted time/effort/money is behind password resets? Using your favorite food as a “secret word” (what if you don’t have one favorite food?), needing a reminder but being forced to reset? In a word, “arghhhhhhhh!”

This is the lecture you’ve been waiting for:

One of the most commonly neglected security vulnerabilities associated with typical online service providers lies in the password reset process. By being based on a small number of questions whose answers often can be derived using data-mining techniques, or even guessed, many sites are open to attack. To exacerbate the problem, many sites pose the very same questions to users wishing to reset their forgotten passwords, creating a common “meta password” between sites: the password reset questions. At the same time, as the number of accounts per user increases, so does the risk for the user to forget her password. Unfortunately, the cost of a customer-service mediated password reset, currently averaging $22, is far beyond possible for most service providers. In this talk, an alternative technique will be presented. It is fast and efficient, is compatible with input-constrained devices (such as handheld devices), and has low error rates. It is in the process of being commercialized, with a Fortune 500 company intending to deploy it by the end of the year.

It’s happening at PARC this Thurs. Sadly, Umibot will be reformatted during that time and won’t be in attendance.
