MakeItHappen 15 #1 December 19, 2006 Security Questions Gone Mad One thing I absolutely dislike about internet security are these questions about your life that are elevated to 'security' enhancements. These questions are all wrong for several reasons. One reason is that the questions may be so trivial that just about anyone can figure out the answer. All those questions about your favorite color, pet's name, first pet's name, high school teacher's name, favorite color, favorite food and most hated food may be publicly available information. Check out forums and online boards for a wealth of information about people. If you ask anyone involved in security, they will tell you NOT to use commonly known information about you. They will tell you to not use your kid's names, pet's name(s), spouse's name etc for passwords or any other type of information. Another reason is that the questions may be bonafide questions, long before the internet, that now may be common knowledge. Take for instance, 'mother's maiden name'. Long ago that was something of a mystery because of the way society obliterated the history of the female parent. Now, we have people using hyphenated names, such as Berners-Lee. Without so much of a blink in the brain, one could guess mother's maiden name as Berners, or a second guess as Lee. Many people have online blogs or websites that expound on telling the world their ancestry. It is not rocket science to find out someone's mother's maiden name anymore. Another reason these questions are useless is that when the time comes to query a user about them, the user has forgotten what question they answered and what answer they entered. People have a hard enough time remembering what email address they used for each account. They won't remember these extraneous questions you ask of them. If they are savvy internet users they will put in bogus answers, not anything they'd remember after 2 or 3 years. They certainly would not put in REAL answers that could be found on the internet. .. Make It Happen Parachute History DiveMaker Quote Share this post Link to post Share on other sites
shermanator 3 #2 December 19, 2006 that is why I use my high school gf's clarinet's name.. yeah, so what.. i was a band geek, and some of them named their instruments! haha. though it would be an easy one to figure out, as the name of her clarinet was an easy common name. hahaha. good thing i don't use that one on any important official stuffs. just crap like myspace, and this here place,CLICK HERE! new blog posted 9/21/08 CSA #720 Quote Share this post Link to post Share on other sites
Lindercles 0 #3 December 19, 2006 Yeah, I always use the name of a random lake in Florida that I've never even been to. Who'd ever guess okeechobee, right? And besides, the only website I use it for is my bank, but how many people are gonna know that I use Bear Paw Credit Union (bearpawcu.org), since I've never lived in Montana. And for my email address I just hit a bunch of random keys and came up with [email protected] Who'd ever guess that?! Quote Share this post Link to post Share on other sites
Icon134 0 #4 December 19, 2006 like others have said... you don't actually have to answer the question asked...Livin' on the Edge... sleeping with my rigger's wife... Quote Share this post Link to post Share on other sites
normiss 641 #5 December 19, 2006 NOW I know why I have over 200 phishing attempts to investigate sitting on my desk....and here I thought most people too smart for this shit! here...log in herer to verify your information is correct: http://sofakingstupid.com Quote Share this post Link to post Share on other sites
shermanator 3 #6 December 20, 2006 Lindercles.. i think there is something wrong with your account.. I tried it, and nothing happened. CLICK HERE! new blog posted 9/21/08 CSA #720 Quote Share this post Link to post Share on other sites
GogglesnTeeth 6 #7 December 20, 2006 I like it when they let you type in your own question and then your own answer..... question: "what are you wearing" Answer: "I don't think that is appropriate!" Stolen from a stand up comedian... I watch too much comedy centralGoggles and Teeth "You fall like a greased safe!!!" Quote Share this post Link to post Share on other sites
bhammond 0 #8 December 20, 2006 Jan, So whats your point.... besides having a bad day Quote Share this post Link to post Share on other sites
labrys 0 #9 December 20, 2006 QuoteAnother reason these questions are useless is that when the time comes to query a user about them, the user has forgotten what question they answered and what answer they entered. The latest trend is that some of them offer a "hint" you can enter that will remind you which question you answered So now it even goes beyond using information that might already be public, they suggest using a public prompt to make it easier to guessOwned by Remi #? Quote Share this post Link to post Share on other sites
Douva 0 #10 December 20, 2006 Also, your answers have to be typed exactly the same way you typed them originally. I always find myself wondering, "Did I spell out 'Junior High' or abbreviate it as 'Jr. High?'"I don't have an M.D. or a law degree. I have bachelor's in kicking ass and taking names. Quote Share this post Link to post Share on other sites