Comments on: Why are security phrases a bad idea? http://analyzingidentity.com/2010/05/19/why-are-security-phrases-a-bad-idea/ Gerry Gebel's Identity Industry Insights Fri, 18 Mar 2011 15:28:58 +0000 hourly 1 http://wordpress.com/ By: James http://analyzingidentity.com/2010/05/19/why-are-security-phrases-a-bad-idea/#comment-20 Mon, 24 May 2010 11:12:49 +0000 http://analyzingidentity.com/?p=52#comment-20 Dynamic KBA while better than static has its own challenges including but not limited to:

- Determining a credible source of data
- Adding costs associated with procuring a credible source of data
- Having to collect even more personally identifiable information such that you can query a credible source of data

]]> By: Naive approaches against identity theft « Maarten Wegdam's Blog http://analyzingidentity.com/2010/05/19/why-are-security-phrases-a-bad-idea/#comment-19 Thu, 20 May 2010 20:16:31 +0000 http://analyzingidentity.com/?p=52#comment-19 [...] This type of static knowledge authentication is simply NOT suitable to authenticate any transaction that requires more than a very minimal level of assurance, and it is very naïve to use it for online banking (see also). [...]

]]>