MOTHER’S MAIDEN NAME – EASY TO CONSTRUCT FROM PUBLIC RECORDS

Markus Jakobsson of Indiana University recently published a paper demonstrating computing techniques which can deduce a mother’s maiden name against a targeted individual with great efficiency. Using public records in the state of Texas his technique was able to deduce the maiden names of the mothers of over 4 million Texans.

Security professionals have known for many years that the use of the mother’s maiden name is a very poor authentication technique. However its use as a verification tool is still widespread.

At KnightsBridge Castle, using both public and private databases we easily find mother’s maiden names of our clients when providing identity theft protection services and with a clients “permissive use authorization.” When performing authentication we do not use this poor validation technique. Why do businesses continue to use this technique? We are not certain, but it is cheap and while it no longer can be relied upon, it once had some validity.

Professor Jakobsson’s approach is of great interest and the full paper may be found at:


http://www.informatics.indiana.edu/markus/papers/mmn.pdf