chrishoffman at March 28th, 2014 06:40 — #1
Originally published at: http://www.howtogeek.com/185354/security-questions-are-insecure-how-to-protect-your-accounts/
We all know we should create secure passwords. But, for all the time we spend worrying about our passwords, there’s a backdoor we never think about. Security questions are often easy to guess and can often bypass passwords.
bben at March 28th, 2014 07:35 — #2
The obvious thing to do is not use real facts in your security question answers
Where did you go to school? Hard Knox
I actually attended 10 elementary, 1 jr high, 5 high & 3 universities, 3 tech schools & a military academy. So I have a lot of choices.
What was the name of your first pet? BarBque - he died in a fire or FlatCat who was run over
What was you mother's maiden name? Red - This was actually my grandmother's nick name
Just keep it to things you will remember for some reason that a stranger wouldn't.
jahpickney at March 28th, 2014 13:51 — #3
It's definitely more accurate say that obvious answers are insecure rather than security questions in general. For example, "What was the name of your first pet?" is a great one for me, even if I use the true answer. Outside of my immediate family there's really no one who could guess the answer. And, of course, it's pretty easy to make up answers that are easy to remember yourself, but no one else would likely think of.
readandshare at March 28th, 2014 17:11 — #4
One recommendation - use security questions like a second password - and never disclose to anyone. Examples:
- What street do you live on? Bubaloo777
- What is your favorite color? Bubaloo777
- Who is your hero? Bubaloo777
See, security answers can be as secure as good passwords!
el_gallo_azul at March 28th, 2014 22:01 — #5
Of course, it's a good point, and I know that I have used some pretty lame security questions myself in the past before I discovered LastPass, but I can't remember what accounts I used them for. The only way that I can think of finding out is if somebody goes to the trouble of hacking these accounts, and then I would probably find out somehow.
system at April 7th, 2014 06:40 — #6
This topic was automatically closed after 10 days. New replies are no longer allowed.