[LMB] LISTBIZ: GDPR and Birthdays

Marc Wilson marc.wilson at gmx.co.uk
Sun May 27 09:05:58 BST 2018


On Fri, 25 May 2018 13:31:59 -0700, "A. Marina Fournier"
<saffronrose at me.com> wrote:

>
>Many financial institutions we use are still asking for our mother’s maiden name (if I can’t avoid that question, I lie), a matter of public record, yet attached to other pieces of information which facilitates identity theft, and they should know better. THEY should do better, if they are as concerned as they claim to be about security and ID theft. I don’t notice any national regs anywhere making matters of public record forbidden in security questions. Too bad, but that’s not to be solved here.

Current best practice is to allow you to specify your own *questions* as
well as *answers*.  And then for the respondent to pick things that
*aren't* a matter of public record: "What was the first concert you
attended?"  "What was your first crush's middle name?"  

Or use this list:
https://www.mcsweeneys.net/articles/nihilistic-password-security-questions

:)
-- 
Politics is the art of choosing between the disastrous and the unpalatable. 
 - J.K. Galbraith

