The whole system of “secret questions” used by tens of thousands of sites, including email providers, banks and government sites, is fundamentally flawed.
- Keep a file somewhere of the answers you used, but DO NOT INCLUDE THE PASSWORD OR USER ID. Keep the user IDs in a separate file.
- Answer every question with the same answer, such as ‘cupcakes’.
- Use alternate answers for questions such as “what city were you born in?” Instead of using the real answer, answer that question with something like “Tabasco sauce”.
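The record-keeping and alternate-answer tips above, sketched as an added example (not code from the original post). It goes one step further by drawing a separate unrelated answer for each question. The word list, labels, user ID and file names are constructed for illustration.

```python
import json
import os
import secrets

# Constructed sample word list; a real list should hold thousands of words.
WORDS = ["tabasco", "cupcake", "granite", "harbor", "violet", "walrus",
         "copper", "lantern", "meadow", "pickle", "saddle", "tundra"]


def decoy_answer(n_words=3, words=WORDS):
    """Build an answer unrelated to the question, using the OS CSPRNG."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def add_entry(answers, ids, label, user_id, questions):
    """Store decoy answers under a label; the user ID goes in a separate map."""
    ids[label] = user_id
    answers[label] = {q: decoy_answer() for q in questions}
    return answers[label]


def _write_private(path, data):
    """Write JSON to a file created with owner-only permissions (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(data, fh, indent=2)


def save(answers, ids, answers_path, ids_path):
    """Answers and user IDs go to two files; passwords go to neither."""
    _write_private(answers_path, answers)
    _write_private(ids_path, ids)


if __name__ == "__main__":
    answers, ids = {}, {}
    add_entry(answers, ids, "bank-1", "constructed_user",
              ["What city were you born in?",
               "What was your high school mascot?"])
    save(answers, ids, "answers.json", "user_ids.json")
    print(json.dumps(answers, indent=2))
```

The label ("bank-1") is the only link between the two files, so someone who finds the answers file alone learns neither the account name nor the password.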
My favorite stupid secret questions:
- What city were you born in?
- What is your mother’s maiden name? Come on folks, this isn’t the 1960s. First of all, that type of information can easily be searched.
- Where were you married? Duh... again, this isn’t 1960. Marriage certificates can be searched.
- What was your high school mascot? OK, this can be easy to crack: (1) High schools publish alumni lists. (2) The mascots don’t usually change.
Web developers who use security questions are flaming idiots. Their web tools should be taken away and they should be handed a box of crayons. (The 8-color pack, not the 64-color pack, as they obviously could not handle that.)