Comments

StonebirdDecember 14, 2007 6:05 PM

Interesting. Apparently, in the future it will be easier to travel in time than to crack a password based on a surname. Maybe after 3 wrong guesses the planet blows up?

Unfit for my stationDecember 14, 2007 6:19 PM

Maybe I'm humorless or missing something, but I thought this was a well-written story with worlds of potential whose ending fell flat on its face.

I call Emperor Has No Clothes.

SpiderDecember 14, 2007 6:37 PM

And thats why I rechristened my mothers family to the " I don't know" family. Try extracting that from me under torture!

ForRealDecember 14, 2007 9:18 PM

What's amazing is that anyone still knows of the "Eighteenth Brumaire of Louis Napoleon". It's actually more of an advertisement for good journalism than communism, but from a Fox news perspective they are about the same thing.

Unix RoninDecember 15, 2007 11:01 AM

The only problem with that story is that "mother's maiden name" is a worthless security question, because it's a matter of public record. So if you answer it truthfully, anyone can look up the correct answer, whereas if you give a false answer, then you have to remember what false answer you gave *in that instance*, just like any other "password".

If you're going to have a "security question", let people choose their own question, so that they can pick a question that they and *only* they know the answer to, but which they'll never forget.

ArchonDecember 15, 2007 11:32 AM

This reminds me of a time I was in a hospital waiting room. One of the 'personal identifiers' they asked for on forms was the classic mother's maiden name.

Sitting about five chairs away was a very old man, getting help filling out a form from a clerk and a younger (relatively speaking, she looked close to retirement) woman who was with him. All was quiet and not at all notable. Until....

Clerk: "What's your mother's maiden name?"
Old man: "What?"
The clerk repeated herself louder, loud enough that the entire waiting room heard; I don't think he missed the question, I think he didn't believe it!

After a good minute of thinking on it, he came up with an answer, which he said at a similar loud volume level to what the clerk had used (so much for that 'security').

Then he turned to the woman accompanying him and said, "My mother's been dead for over seventy years!"

(Makes me wonder, though. Dead well before the Second World War and now that piece of information about her is floating in a database somewhere.)

ReaderDecember 15, 2007 1:30 PM

@Critics

Lighten up. It's not supposed to be highbrow writing.

@Bruce

Thanks for the laugh. It's a funny story.

AntonDecember 15, 2007 7:56 PM

When I opened an account recently with an Autralian bank I put ")ç)(/*%87q345KJJDJHkhskdjiuw£à!è£àéè?=()+"*"ç*ç-.,,,." for my mother maiden name thinking the system would never ask for it provided I had my User ID, Password. WRONG, it sure got me into trouble.

Not meDecember 16, 2007 2:45 AM

I have to admit that I always use the same (invented) answer to that question everywhere. Somewhat more secure than my mother's real maiden name, but not much more so....

EpikurolibreDecember 16, 2007 6:52 AM

In Spain mothers don't change name when they marry, so my mother's maiden name is my mother's current name. Not very secure as a "security question". Actually something like 30% of all children are born out of wedlock nowadays. I expect the percentage must be lower in the US, but even there many women choose to keep their maiden names. So "your mother's current name" is a good guess to that stupid question.

Terry ClothDecember 16, 2007 1:44 PM

@Spider: Who's on first?

(http://www.phoenix5.org/humor/WhoOnFirst.html, at least until someone notices it's infringing copyright.)

Filias CupioDecember 16, 2007 5:27 PM

A fine example of social engineering at work. Remember kids - just because a time traveller looks like you doesn't mean they really are you - if they have the technology to time travel, they're going to have pretty good makeup technology also. Don't give out identifying information to time travellers!

So they guy had kept in his memory the 'fencing' scar and "Eighteenth Brumaire" in memory but not his mother's maiden name?

ChrisDecember 17, 2007 9:44 AM

I think it's a clever gimmick, the kind of thing worthy of a 2-page short story. It's a story, people. If you're finding it implausible, please think just a *little* outside the box. Tech changes and grows. If someone came to you with something recorded on a 3280 mainframe tape, or even an 8-track, and wanted info off of it, most folks would have a bit of trouble. No one said you had to be able to defend this story in a crypto dissertation, jeez.

thx1138December 17, 2007 10:17 AM

@ Unix Ronin
"let people choose their own question"

Probably not a good idea. As a user concerned about security you don't need it -- you can work with the canned questions by creating a 'lie' that you remember, or even a unique 'lie' at each place you are forced to use the question -- but as a person implementing such protection mechanisms you have to consider the fact that many people apparently choose questions like "what colour is blue"?

Wang-LoDecember 17, 2007 1:36 PM

What kind of a a dumb question is "What color is blue?"! I don't know much about security, but I would never use "What color is blue" as a pass question. Sheesh.

My secret pass question is "What color is red?".

But the ANSWER is "Blue".

-Wang-Lo.

dragonfrogDecember 17, 2007 5:54 PM

@Filias Cupio

It's believable, I think - how many stories have we heard of backup plans that were thoroughly tested, all except for the recovery part?

Perhaps his mother's maiden name was on a tape that got fried. Perhaps the "secure storage" company that keeps the backup tapes won't release it to him until he provides his mother's maiden name.

After all - computer interfaces are bad enough to lead to all sorts of "Nooo!" moments now. Any reason to expect they'll get much better, as they get much more complex?

DanBealeDecember 18, 2007 9:23 AM

Funny story.

Except my banking online site has just implemented a "new security feature" where I had to chose *five* such "security" questions from a list that they provided, and give answers to those questions.

The site will, apparantly, ask me some of those questions at "random" times when I 'm logged in.

It's not a tiny little tin-pot bank either, it's a major UK building-society.

Baffling, and very disappointing.

ShaneDecember 18, 2007 10:51 AM

I am confused with people's reactions. I read the story and thought one of two things regarding its intent:

1) A satirical play on the cynicism of the usefulness of the 'security question' model altogether.

2) A clever narrative on social engineering.

Why is everyone taking it so seriously? Like it wasn't a joke? "The ending fell flat on it's face"... Seems like the whole point was to write this mediocre, yet entertaining short, only to reveal its intent in the last sentence, which follows the proper literary structure for short fiction.

I say kudos! It made me laugh.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..