Security Corner

Jun 27 2013   8:40PM GMT

Answering security questions? Lie

Ken Harthun Ken Harthun Profile: Ken Harthun

mega-icon-smiley-thumbs-upThe only good answers to these goofy security questions we see all the time are outright lies. Perhaps the goofiest question of all is, “What is your mother’s maiden name?” It takes only a casual search to get the answer to that one. Equally as bad (I guess they’re just starting to catch on that maiden name isn’t good) is one I had to supply for my health insurance company, “What is your mother’s middle name?” Then, there’s the name of your first pet, what high school did you attend, etc. These things might enhance security slightly, but a determined hacker is going to have – or get – all the answers.

The solution is to simply lie – invent fictitious names, places, etc. and then store those answers securely in LastPass, RoboForm, or other encrypted forms. Examples:

  • Mother’s maiden name: pinkelephant.
  • Mother’s middle name: beerthirty.
  • First pet name: tyrannosaurus.
  • High school: alpha centauri

Take a screen shot of all the questions in the lists on those websites that require security questions and invent all the answers. Then, keep the list in a safe place, like your wallet. No one’s going to guess those lies. For the truly paranoid, use a password generator to generate random strings. LastPass has a feature to generate pronounceable strings for use if you’re every asked for an answer over the phone.

 

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: