
View Full Version : Security questions are dumb.



AstralFire
2009-08-08, 12:30 PM
Mandatory ones are dumber. And lately I see more and more sites where you don't need to know your password, just the security question! And guess what, they almost never have punctuation or numbers or the things that make a password hard! Way to go, self-defeating security measures!

City of Birth? Mother's maiden name? Town where you grew up? High school? These are really easy to learn if someone actually wants to invade your privacy.

Keld Denar
2009-08-08, 12:38 PM
See, now here I thought you were talking about the ones that the TSA asks you when you go through security.

Are these your bags? Nope, I stole Martha Stewart's. It's a good thing.

Did you pack them yourself? Nope, Bill and Ted showed up in a magical phone booth to help me right before they left on an Awesome Adventure.

Do you have any weapons or explosives? Well, if I did, I wouldn't say yes...

Seriously...

Vmag
2009-08-08, 12:39 PM
Think of them more as secondary passwords.

Sure, it may be asking you for your mother's maiden name, but that doesn't stop you from making the answer 1w454N0rfn.

RTGoodman
2009-08-08, 12:41 PM
Sure, it may be asking you for your mother's maiden name, but that doesn't stop you from making the answer 1w454N0rfn.

So you're suggesting we answer them truthfully?

Destro_Yersul
2009-08-08, 01:01 PM
So you're suggesting we answer them truthfully?

Why would you do that? Make them something really obscure and then answer with a random word that has nothing at all to do with the question.

Mauve Shirt
2009-08-08, 01:29 PM
Yeah, my mother's maiden name has absolutely nothing to do with my password. I just don't forget my password.

RTGoodman
2009-08-08, 01:31 PM
Why would you do that? Make them something really obscure and then answer with a random word that has nothing at all to do with the question.

Eh, I was trying to make a joke about my mother's maiden name being "1w454N0rfn" or whatever, but I guess it didn't really translate to text that well. Probably should have used one of these (:smalltongue:) or something.

Alteran
2009-08-08, 01:32 PM
Eh, I was trying to make a joke about my mother's maiden name being "1w454N0rfn" or whatever, but I guess it didn't really translate to text that well. Probably should have used one of these (:smalltongue:) or something.

I got it, at least. :smalltongue:

Civil War Man
2009-08-08, 01:33 PM
It's also easier to choose security questions where someone can't find it out easily.

For example, most people aren't going to know the name of your first pet. Especially if the answer is "I never had a pet"

Ichneumon
2009-08-08, 01:41 PM
The problem with answering the secondary question untruthfully is that the only time you will need it, the time when you have forgotten your password and can't request a new one via mail because the mail isn't working anymore or whatever, you aren't likely to remember your random answer to the secondary question either...

Vmag
2009-08-08, 02:08 PM
I've got that problem with Truthful security question answers. I've had my hotmail account since, what, just before the turn of the century? I don't know what answer I put down, in what form, whether I was being truthful or tricky, or even what spelling I used.

Jack Squat
2009-08-08, 03:38 PM
I think they're a security risk in themselves. Sarah Palin's email was "hacked" by a guy at my school (yeah, he's the one that made news). He answered the security questions by using Wikipedia.

I much prefer sites where if you answer the question, or just a verification code, they send your password - or a link to reset it - to the email you provided. And if you're worried about security, you probably shouldn't be auto-logging yourself into your email for long enough that you forget the password to that.

Jalor
2009-08-08, 09:32 PM
I agree. Security questions suck. I've gotten into this habit of slapping the keyboard in a violent frenzy until the field is full, to ensure a quality mix of letters, numbers, and punctuation.

Also, you know those Facebook apps where you input, say, your middle name or your mother's maiden name, and they give you your "pirate name" or "stripper name" or whatever? Apparently, those are now being used for cracking people's accounts.

Yarram
2009-08-08, 09:39 PM
Think of them more as secondary passwords.

Sure, it may be asking you for your mother's maiden name, but that doesn't stop you from making the answer 1w454N0rfn.

I got it. =P That's the way I answer questions too. Cept I usually just write junk, rather than something like that.

ghost_warlock
2009-08-08, 11:23 PM
On the other hand, they could be like my bank. When you first open your account, they mail you a series of letters to use as your username on their website (they recently made it so you could change this to whatever you like, but it wasn't like that when I opened my account; you were stuck with whatever they gave you). When logging into your account, you have to answer two security questions and identify that a pre-chosen picture is displayed properly before you can even enter your password.

Edit: I just remembered that my cousin's bank makes him enter his password with his mouse, clicking on the individual keys on a virtual keyboard.

Shhalahr Windrider
2009-08-09, 12:13 AM
There's an app I use where they don't even let you choose an applicable security question. You have to provide answers for six different questions and then answer one at random. Thing is, the questions are all "What is your favorite ____?" and I am one of those folks that usually doesn't pick favorites. Throw on top of it that one is "What's your favorite car," and I don't even like cars. So I just have to pick something and write down what my "favorite" is supposed to be so I can remember. Whoo. That's security.

(Of course, this is in addition to a password and security picture/phrase combo.)


I much prefer sites where if you answer the question, or just a verification code, they send your password - or a link to reset it - to the email you provided.

Heh. Once I forgot a password and which of my e-mails the password would be sent to. At least there are fewer e-mails to check than passwords to try. :smalltongue:

valadil
2009-08-09, 04:55 PM
The best part about the security questions is that even if your service uses them you don't need the correct answer to get past. Just take a couple guesses and feign ignorance. When I worked at my university's computer help desk, most users who forgot their passwords also forgot their secret answer. Some even denied ever having set an answer. At least we had photo IDs for verification.

KuReshtin
2009-08-09, 05:42 PM
The online bank service for my account in Sweden uses a stand-alone numeric keypad that you have to set a -digit PIN code on when you register for the online service.

To log into your account settings online, you first have to enter your social security number on their login page.
After you've done that, you get an 8-digit random number that you enter into the keypad, which then gives you a corresponding 8-digit number back that you have to enter onto the login screen to get access.

I'm pretty confident that no one will get access to my account info online.
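Added example (not part of the thread): the challenge-response login described in the post above, with both sides of the exchange. The post does not say how the bank's keypad computes its answer, so the HMAC-SHA256 truncation, the class names and the sample PIN are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

DIGITS = 8  # challenge and response length described in the post


def response_for(key: bytes, challenge: str) -> str:
    """HMAC the challenge and truncate to DIGITS decimal digits (HOTP-style)."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10**DIGITS:0{DIGITS}d}"


class Keypad:
    """Stand-alone device: holds the key, answers only for the right PIN."""
    def __init__(self, key: bytes, pin: str):
        self._key, self._pin = key, pin

    def respond(self, pin: str, challenge: str) -> str:
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        return response_for(self._key, challenge)


class Bank:
    """Server side: issues one random challenge per login, accepts it once."""
    def __init__(self):
        self._keys, self._pending = {}, {}

    def register(self, user_id: str, key: bytes) -> None:
        self._keys[user_id] = key

    def start_login(self, user_id: str) -> str:
        challenge = f"{secrets.randbelow(10**DIGITS):0{DIGITS}d}"
        self._pending[user_id] = challenge
        return challenge

    def finish_login(self, user_id: str, response: str) -> bool:
        challenge = self._pending.pop(user_id, None)  # single use: blocks replay
        if challenge is None or user_id not in self._keys:
            return False
        expected = response_for(self._keys[user_id], challenge)
        return hmac.compare_digest(expected, response)
```

Because each challenge is random and discarded after one attempt, a response captured from one login is useless for the next.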

742
2009-08-12, 03:57 AM
the obvious answer is to answer them IC. so instead of my mothers maiden name i have to switch to infernal text, which i would have to do for my real mothers maiden name anyway, but it doesnt matter because windows doesnt even support the elvish alphabet, much less the infernal one. **** microsoft.

Totally Guy
2009-08-12, 04:54 AM
If only someone had told me the importance of picking a good name for my first pet. I was just a kid so I picked something dumb and embarrassing. But if the world had told me that every account I'd set up would involve me sharing that sort of information I'd have picked something sensible.


Good job I'm good at coming up with good passwords. The man that just phoned from the bank to talk about security said that my password and PIN code were the best ones he'd ever heard.

:smalltongue:

Last_resort_33
2009-08-12, 05:27 AM
The man that just phoned from the bank to talk about security said that my password and PIN code were the best ones he'd ever heard.

Just for a brief second you had me there!

Ditto
2009-08-12, 01:46 PM
For first pet, I always use the name of a pet I never had (like Fido or Rex or such).

For favorite sports team, I always use a team I made up for an art project in 7th grade.

I'm pretty confident those answers are unguessable, no matter how crafty a researcher you are. :smallsmile:

742
2009-08-13, 07:26 PM
fido? rex? those would be like the first things someone would try in a brute force attack. hell that might be broken manually. good job with the sports team you made up though.

Don Julio Anejo
2009-08-14, 12:52 AM
If you can type in a language that uses an alphabet that's not Latin (e.g. Greek, Russian, Arabic), one cool thing to do is to type something in one language while using a different keyboard layout.

So you'd be typing something like "Scotland" in Russian and it would come out as "Ijnkfylbz" in English. Add a few numbers or punctuation marks and voila, enjoy your new password that's quite secure but at the same time easier to remember than f56lkj;rP0n.

Thrawn183
2009-08-14, 01:07 AM
On a related note, you know those words with the twisted up letters that you have to enter in correctly to prevent spam?

Well, I've tried futilely for months to become a member of newgrounds. I couldn't seem to get the dang spelling right (this has happened occasionally, is that a distorted "O" or a distorted "0"?, but usually I just have to keep trying till I get an easy one.) After trying on and off for literally months I had problems with the exact same thing but for the Wesnoth forums.

Long story short, I realized that my partial colorblindness was causing me to not see some of the letters. Once I figured that, signing up for the wesnoth forums was easy. Still haven't succeeded on newgrounds though.

Tharivol123
2009-08-14, 01:28 AM
I just cheat them. The answer to my security questions is usually the password to an e-mail account I never check, which has nothing to do with my usual passwords. It's rare I forget one though, since I have them written on post-it notes, hidden in an owner's manual in the file cabinet.

742
2009-08-14, 06:46 AM
an owners manual in a cabinet? not an encrypted flash drive buried under a tree sealed in a small concrete brick in the ribcage of a dead rodent of some sort? i find that works far better. not only is it secure, but its incentive to not forget any of my important passwords. ever.

JerryMcJerrison
2009-08-14, 08:37 AM
I always want to be clever with those questions, and put down something complicated that is only tangentially related to the question, but I know it will be so long until I need it that I'll forget the train of thought that got me there.

Katrascythe
2009-08-14, 10:11 AM
Yeah I work for a Help Desk and our choices of security questions cause problems constantly.

-The name of your first pet.
-The name of the city where your father was born.
-The last name of your favorite elementary school teacher.
-Your father's middle name.
-The year, make, and model of your first car (i.e., 1965 Ford Mustang).
-Your mother's maiden name.
-The name of the first street you remember living on as a child. ONLY the street name, not any other part of the address.
-The first phone number you remember having, if it is different from your current phone number.
-The name of the elementary school where you started first grade.
-The maiden name of your father's mother.

People always choose the car question. Foreign users always have trouble with the name questions and wind up putting the first name. And nobody can remember if they had dashes or not in the phone number.
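Added example (not part of the thread, and not any help desk's actual code): one way a service could sidestep the dashes-or-no-dashes and spelling problems raised in the posts above is to normalize each answer before hashing it, and to refuse answers that are trivially guessable. The function names, the short deny-list and the PBKDF2 work factor are assumptions made for this example.

```python
import hashlib
import hmac
import os
import unicodedata

# Constructed deny-list of answers an attacker would try first (assumption).
COMMON_ANSWERS = {"fido", "rex", "none", "password"}
PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def normalize_answer(raw: str) -> str:
    """Fold case and Unicode form, then drop spaces, dashes and punctuation."""
    text = unicodedata.normalize("NFKC", raw).casefold()
    return "".join(ch for ch in text if ch.isalnum())


def is_weak(raw: str) -> bool:
    """Reject answers that are very short or on the deny-list."""
    norm = normalize_answer(raw)
    return len(norm) < 4 or norm in COMMON_ANSWERS


def _derive(raw: str, salt: bytes) -> bytes:
    data = normalize_answer(raw).encode()
    return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ROUNDS)


def enroll(raw: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) to store; the plain answer is never kept."""
    if is_weak(raw):
        raise ValueError("answer too short or too common")
    salt = os.urandom(16)
    return salt, _derive(raw, salt)


def verify(raw: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of the stored digest with the attempt."""
    return hmac.compare_digest(_derive(raw, salt), digest)


if __name__ == "__main__":
    salt, digest = enroll("555-867-5309")           # constructed sample answer
    print(verify("(555) 867 5309", salt, digest))   # same digits, other format
    print(verify("555-867-5300", salt, digest))     # wrong number
```

Normalization makes matching more forgiving but also shrinks the space of distinct answers, so it belongs alongside attempt limits rather than in place of them.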