The whole system of “secret questions” used by tens of thousands of sites, including email providers, banks and government sites, is fundamentally flawed.
- Have a file somewhere of the answers you used but DO NOT INCLUDE THE PASSWORD OR USER ID. Have the user IDs in a separate file.
- Answer every question with the same answer, such as ‘cupcakes’.
- Use alternate answers for questions such as “what city were you born in?” Instead of using the real answer, answer that question with something like “Tabasco sauce”.
My favorite stupid secret questions:
- What city were you born in?
- What is your mother’s maiden name? Come on folks, this isn’t the 1960s. First of all, that type of information can easily be searched.
- Where were you married? Duh... again, this isn’t 1960. Marriage certificates can be searched.
- What was your high school mascot? Ok, this can be easy to crack: (1) High schools publish alumni lists. (2) The mascots don’t usually change.
- What was your first car?
Web developers who use security questions are flaming idiots. Their web tools should be taken away and they should be handed a box of crayons. (The 8-color pack, not the 64-color pack, as they obviously could not handle that.)