Problem 1: The answers aren't secrets
Stop asking stuff that the internet knows better than I do. The birthplace of my father and my mother's maiden name aren't closely guarded state secrets. In fact, I'd google it myself.
Problem 2: The questions are stupid
People hardly remember things that change. My favorite movie when I signed up for your site won't be the same as it is now. Luckily I can go online and see what I was raving about back then, just like everyone else.
Problem 3: The answers require memorization
Questions that someone might know but google doesn't like "Where was your first kiss?" mostly have answers that will be a sentence like, "Under the bleachers at the homecoming game".
Would answering it later with a comma and a word change like "Under the bleachers, at my homecoming game" work? No? Thought not. (More Below)*
Conclusion
The shit's retarded and since what you're doing probably isn't important enough for me to care, here's my answers: "a", "b" annnnd "c". Just go set those as default values now. Thanks.
*I'm fucked with the "easy" ones too. e.g., [Mission, The Mission, (blank)] + [SF, SanFran, San Francisco, Bay Area, The Bay, The Bay Area, NorCal, (blank)] + (optional comma) + [CA, California, (blank)] ~= 144 ways to say "The Mission".
How did I phrase it? I get 3 tries, oh goodie. Hopefully I didn't type it as "The Missin".
The NSA recommends you lie on these questions, since they tend to overlap with other organizations' security questions, and if any one source is compromised you now not only are open to compromise on other accounts, but these questions tend to be facts about yourself you can't change - unlike a password.
ReplyDeleteInstead, just like your password, use a strong passphrase.
I do lie, but then later, predictably, I've forgotten the answers.
ReplyDelete*even my bank* has a security question, "What is your mothers maiden name?". Morons ...
Use `security question` field as second password, and save it somewhere like your first password.
ReplyDeleteActually if you really want to know what I do, I encrypt the question with my private key then take the first line of the base64 encoded output and make that my answer.
DeleteBeen doing it for years, cheers!