Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
1/11/2018
09:00 AM
Lori MacVittie
Lori MacVittie
Partner Perspectives

Why Facebook Security Questions Are no Substitute for MFA

If identity is established based on one thing you know and one thing you have, the latter should not also be a thing you know because in the sharing economy, we share everything.

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Richard PM
50%
50%
Richard PM,
User Rank: Apprentice
1/11/2018 | 1:59:19 PM
Use incorrect info
If you are using the correct info you are doing it wrong. In very few cases the answer does not even have to match the type of question. For instance you could answer the mothers maiden name or favorite color questions with Pineapple or Bananna. All the sites do is match the answer you give them initially to see if they match and no one is going to be able to find the answer anywhere. 

 

Now you obviously have to "remember" the answers you give and in my case they are in a text file buried on my computer. I suppose someone could find the file but if someone can find and use a random tex file in the ~8TB worth of files on my computer I have much bigger problems to deal with.
How to Attract More Women Into Cybersecurity - Now
Dawn Kawamoto, Associate Editor, Dark Reading,  1/12/2018
AI in Cybersecurity: Where We Stand & Where We Need to Go
Raffael Marty, VP Security Analytics, Sophos,  1/11/2018
What Can We Learn from Counterterrorism and National Security Efforts?
Adi Dar, Chief Executive Officer of Cyberbit,  1/12/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
F5 makes apps go-faster, smarter, and safer. With solutions for the cloud and the data center, F5 technology provides unparalleled visibility and control, allowing customers to secure their users, applications, and data. For more information, visit www.f5.com.
Featured Writers
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.