Sprint Security System Too Clever for Your Own Good

Posted by Joel Johnson, April 11, 2008 4:42 AM |

Mike Masnick tears into Sprint's tragically weak security system that protects access to your account. Hope your neighbors don't know you very well!

The way it works is Sprint asks you a series of "security" questions that it thinks only you would know the answer to. Things like "what type of car has been registered at your address?" and "which of the following people has lived at your address?" It sounds like some data collection company probably convinced Sprint to purchase access to their data to set up these questions in the name of "security." The problem is that if you know just a little about certain people, you can easily guess the answers. Even worse, a former Sprint employee notes that, mostly to avoid "accidentally" having two right answers, it's usually quite easy to figure out the actual answers. For example, on the automobile question, the incorrect answers are usually expensive luxury vehicles.

Dumb Sprint 'Security' Questions Make It Easier To Hijack Accounts [Techdirt]

posted in: Fuck UpPhones
Favorite this!
Share this
Older Chinese-Made 'Hillbilly' Prank Teeth Recalled for Excessive Lead
Newer ERROR ED-209: Why the SWORDS Were Pulled From Iraq

Discussion

Take a look at this
#1 posted by cabbotage , April 11, 2008 8:05 AM

It certainly doesn't solve the poor security issue, but I'll often enter intentionally "incorrect" information - possibly to throw off would-be theives... but mostly to amuse myself.

Cities I've never visited listed as my birthplace, High Schools I've never attended, names of first loves that I've made up... When you have to create your own questions, choose a question with an answer that anyone could know (how many quarts in a pint) but then make up an unguessable answer (47.5)

Of course the danger is that you have to remember them yourself, and probably does little for actual security, but it is amusing...

Take a look at this
#2 posted by mark , April 11, 2008 10:07 AM

It sounds like sprint is using a third party authentication system like the one from Verid to generate the questions. Given that they can't come to your house and give you a polygraph and take a DNA swab this is basically as good as remote security is going to get. The traditional questions (mother's maiden name, SSN etc.) are all data that has been compromised on so many people from so many databases as to be worthless. This data is compiled from numerous credit and public databases and so is at least somewhat harder to gain access to. Let's face it if someone actually puts real effort into getting your information there is basically nothing you can do to protect yourself, this system just works a little bit better at keeping people who have access to a single credit card application or health insurance claim sheet from impersonating you.

Take a look at this
#3 posted by thomasexciting , April 13, 2008 8:34 PM

When I signed up for my two year contract with Verizon Wireless, the same thing happened to me. The "People who have lived at that address" question had three options: my name and two random names.

Post a comment

Anonymous