Messin' with Texas: Deriving Mother's Maiden Names Using Public Records
Author(s): Virgil Griffith, Markus Jakobsson

Date: 2005
Publication: Lecture Notes in Computer Science, Volume 3531
Page(s): 91 - 103
Publisher: Springer
Source 1: http://markus-jakobsson.com/papers/jakobsson-acns05-texas.pdf
Source 2: http://virgil.gr/9/GriffithJakobsson2005-MMN.pdf
Source 3: http://dx.doi.org/10.1007/11496137_7 - Subscription or payment required

Abstract:
We have developed techniques to automatically infer mother’s maiden names from public records. We demonstrate our techniques using publicly available records from the state of Texas, and reduce the entropy of a mother’s maiden name from an average of close to 13 bits down to below 6.9 bits for more than a quarter of the people targeted, and down to a zero entropy (i.e., certainty of their mothers maiden name) for a large number of targeted individuals. This poses a significant risk not only to individuals whose mothers maiden name can easily be guessed, but highlights the vulnerability of the system as such, given the traditional reliance of authentication by mother maiden names for financial services. While our techniques and approach are novel, it is important to note that these techniques – once understood – do not require any insider information or particular skills to implement. This emphasizes the need to move away from mothers maiden names as an authenticator. Using the techniques described, during testing we were able to deduce the mother’s maiden name for approximately 4,105,111 Texans.



Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com