How Secure Are Those Security Questions?
In general, I am appreciative of the lengths that financial institutions go to in keeping my account — and the information behind it — safe from hackers. These steps include multi-page sign-in procedures, displaying a personal phrase, and requiring that a random security code be entered. Yes, it is a hassle, but it is a hassle I will endure in order to reasonably protect my information. What perplexes me, however, are the security questions — they are either too simple or too hard.
Some security questions are in the category of too easy, such as what high school I went to. This and other basic facts can be reasonably uncovered online. Similarly would be my favorite food. Anyone who reasonably knows me, would be aware that the answer is pizza. Plus, I am sure that this fact has been mentioned in public, appeared in an article, and written in a blog on more than one occasion. My mother's maiden name is another such question that is not all that secret. If I have the choice I skip those security questions, as I question their security.
The other category is the impossibly hard questions. First, are the ones with multiple answers. For example, what street did you grow up on? What was your favorite pet's name? Or what color was your first car? For each of these, I have two equally valid answers. I moved while growing up; among scores of pets, two dogs tie as my favorite; and as far as my first car — I had it painted. Should I note the starting color or the ending color?
Other hard questions are those that change over time. Examples include my favorite color, my best teacher, my preferred type of ice cream, my all time favorite movie, or my favorite TV show. Then to compound the whole issue, I need to spell the answer correctly (challenging for my dogs' names) and remember if I capitalized any of the letters ("School" or "school") or used abbreviations (such as "W" or "West;" "Ave" or "Avenue").
However, I think I have a reasonable solution for all this. I will simply make up an answer, random and completely secret, that I will use for every security question. For example, I might pick "Davenport45" as my answer. Then:
Q: What's your favorite food? A: Davenport45
Q: What color was your first car? A: Davenport45
Q: On what street did you grow up? A: Davenport45
Q: Is your security question really secure? A: Davenport45
Some security questions are in the category of too easy, such as what high school I went to. This and other basic facts can be reasonably uncovered online. Similarly would be my favorite food. Anyone who reasonably knows me, would be aware that the answer is pizza. Plus, I am sure that this fact has been mentioned in public, appeared in an article, and written in a blog on more than one occasion. My mother's maiden name is another such question that is not all that secret. If I have the choice I skip those security questions, as I question their security.
The other category is the impossibly hard questions. First, are the ones with multiple answers. For example, what street did you grow up on? What was your favorite pet's name? Or what color was your first car? For each of these, I have two equally valid answers. I moved while growing up; among scores of pets, two dogs tie as my favorite; and as far as my first car — I had it painted. Should I note the starting color or the ending color?
Other hard questions are those that change over time. Examples include my favorite color, my best teacher, my preferred type of ice cream, my all time favorite movie, or my favorite TV show. Then to compound the whole issue, I need to spell the answer correctly (challenging for my dogs' names) and remember if I capitalized any of the letters ("School" or "school") or used abbreviations (such as "W" or "West;" "Ave" or "Avenue").
However, I think I have a reasonable solution for all this. I will simply make up an answer, random and completely secret, that I will use for every security question. For example, I might pick "Davenport45" as my answer. Then:
Q: What's your favorite food? A: Davenport45
Q: What color was your first car? A: Davenport45
Q: On what street did you grow up? A: Davenport45
Q: Is your security question really secure? A: Davenport45
Posted by Peter DeHaan at 2/11/2010 8:33 PM 
Categories: Internet
Tags: security questions Peter DeHaan blog author Peter DeHaan Peter DeHaan Musings Musings of Peter DeHaan
Categories: Internet
Tags: security questions Peter DeHaan blog author Peter DeHaan Peter DeHaan Musings Musings of Peter DeHaan
Comments