How to make sure those Mother’s-Maiden-Name “security” questions are really secure

Use random password-like text to answer security questions like "who was your favorite childhood friend?"

Image “How to fill out security questions” from JWZ.org

Even if you only read the newspapers you’re probably aware that usernames and passwords aren’t very secure from determined hackers.  Turns out those “security” questions they ask can be even less secure — in some cases while your passwords are encrypted your answers may be stored in plain text!  How is this a problem?

How is it not?!?!

You know how if you use the same password hackers who uncover account information for one service, say, Facebook, will try the same password on, say, Twitter.  Or, oh, say, your bank?

Guess what?  Chances are you’ve only got one mother, and chances are her maiden name hasn’t changed.  Same with your first phone number, the first town you went to, where you went to college or… anything else that makes it easier for identity thieves to uncover even more information about you.  Even off-line information “Hi Mrs. So-and-so, remember me?  I your son used to be my best friend?  Remember our dog’s name was such-and-such?  I wonder if you could send me…”

Yikes!

So just so you know, treat those security questions the same way you treat passwords: make something up!  If you’ve got a password manager like 1PasswordDashlane, or LastPass, make those security answers arbitrarily complicated and add them as notes.

FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmail

David Innes, RealBasics.com

I've been building and maintaining websites since 1997 and building and supporting similar hypertext-driven software since 1987. I've done maintenance, support, and maintenance for physical and digital systems since 1981.