Not strictly crypto, but a key issue

[Owen Blacker]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Last year, I called a bank whose telephone banking service I had
> not used for a long time, and they seemed quite happy to go through
> asking me new questions, such as "when was the last cheque
> written", until I had accumulated the requisite 3 correct answers
> (the fact that I didn't know a whole range of other facts didn't
> visibly concern them).   

Strange you should mention it -- I had a near-identical situation.  I
defaulted on a loan to the telephone bank in question whilst still a
student (so, maybe 5 years ago) and needed to talk to the credit
people (about my credit record) and they insisted on authenticating
me.

We got to the stage where I just read out words and the guy on the
end of the phone worked out which were the 2nd and 4th (or whatever)
characters.

We went through a few dozen and he was about to put me through to his
manager to authenticate me some other way (or something, I forget)
before I remembered the word.  That I'd just spent 5 minutes quite
literally guessing words didn't bother him in the slightest.

It did make me wonder what the point was   :o)


O x
- -----
Owen Blacker
Senior Software Developer / InfoSec Consultant    Wheel: Clerkenwell
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig  0x00036874 | d39f b776 fa20 c125 b0e2  aa6d 555e 4126 0003 6874

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
Comment: Due to RIP, pls check for revocation before using this key!

iQA/AwUBOsShIVVeQSYAA2h0EQJCIQCfQYLVM0Px7SeN8PyWrMJja7OA2FAAoJME
742/QR5SJQLkC1BLJMcs5z2Y
=sMpP
-----END PGP SIGNATURE-----

_____________________________________________________________________
This message has been checked for all known viruses by UUNET delivered 
through the MessageLabs Virus Control Centre. For further information visit
http://www.uk.uu.net/products/security/virus/