Security Questions Are Stupid

Discussion in 'Community Discussion' started by Radiating, Sep 26, 2014.

  1. Radiating macrumors 65816

    Joined:
    Dec 29, 2011
    #1
    Just a little rant. Let me give you an example:

    Where were you on January 1st, 2000?

    South Beach

    South Beach Miami

    South Beach, Miami

    South Beach Miami Florida

    South Beach, Miami Florida

    South Beach Miami, Florida

    South Beach, Miami, Florida

    Miami

    Miami Florida

    Miami, Florida

    Florida

    What was your first job?

    Salesperson

    Salesman

    Merchandise Specialist

    salesperson

    salesman

    merchandise specialist

    Crate & Barrel

    Crate and Barrel

    Crate & Barrel & Co.

    Crate & Barrel & Co

    Crate & Barrel, & Co.

    Crate & Barrel, & Co

    Crate and Barrel and Company

    Crate and Barrel, and Company

    Crate and Barrel and Company, LLC

    Crate and Barrel, and Company, LLC

    That's a total of 154 different ways to answer those questions correctly.


    This is literally the worst possible way to solve this problem.


    Jim: "Hey Bob, this whole passwords being stolen thing is a problem."

    Bob: "Sure is! Hey I have a great idea, what if we made a second secret password?"

    Jim: "That's a great idea! So if the main password is compromised, nothing will happen?"

    Bob: "Exactly, except for this password lets have it be in the form of an answer to a question. So that way the user won't even remember exactly what it is"

    Jim: "A non-specific password?"

    Bob: "There's nothing more secure than a password can't even be used 99% of the time even when you know it."
     
  2. MathBunny123 macrumors regular

    Joined:
    Oct 19, 2012
    Location:
    Toronto, Canada | Sibiu, Romania
    #2
    I agree with you...I also dislike the idea of verifying your login.
     
  3. Astroboy907 macrumors 65816

    Astroboy907

    Joined:
    May 6, 2012
    Location:
    Spaceball One
    #3
    Like the emails you get after registering for an account? Those are awful! :D
     
  4. samiwas Suspended

    Joined:
    Aug 26, 2006
    Location:
    Atlanta, GA
    #4
    I have no idea what this thread is about? Are you upset because someone could easily come up with the answers to your questions?

    That's why I always choose "what was the name of your first pet". No one is guessing that one. And even with "Where were you on whatever date", what are the chances that someone else is going to know the answer to that? I just don't understand what the beef is here.
     
  5. velocityg4 macrumors 68040

    velocityg4

    Joined:
    Dec 19, 2004
    Location:
    Georgia
    #5
    The much worse logging into a site you visit regularly but on a different computer, at a different location or just after cleaning the cache. Even if you get the username and password correct on the first try. They require a confirmation from a text message, email or security question.
     
  6. 556fmjoe macrumors 65816

    556fmjoe

    Joined:
    Apr 19, 2014
    #6
    No, answering them truthfully is stupid. I just use another random password that has nothing to do with the question. It's much easier to remember.

    ----------

    No, it's that you could have the correct answer in mind, but there are a hundred ways you could have typed it in. It's maddening to have to remember if you said your first car was a Volkswagen, VW, Jetta, VW Jetta, Volkswagen Jetta, Volkswagon Jetta, Jetta TDI, VW Jetta TDI, Volkswagen Jetta TDI, Diesel Jetta, etc.
     
  7. Astroboy907 macrumors 65816

    Astroboy907

    Joined:
    May 6, 2012
    Location:
    Spaceball One
    #7
    Well, no one except for family and close friends, maybe your vet, etc :D

    ----------

    This made my day, so much simpler. Why didn't I think of this! :rolleyes:
     
  8. macmacguy macrumors regular

    Joined:
    Sep 25, 2014
    #8
    You still need to remember the question though :D
     
  9. Melrose Suspended

    Melrose

    Joined:
    Dec 12, 2007
    #9
    If you treat security questions as additional high strength passwords, you'll do better. Using common information that anyone can find on your Facebook page is right up there with the 2 lonely IQ points of Jennifer Lawrence.

    Instead of Miami Florida, put "&nan23#BFm):3n", and instead of C&B put "wH*b38f7q&$b98b!"... bingo. High security.

    I use encoded phrasing for my passwords. I have multiple phrase lifted from Shakespeare, Göethe, etc, that I reduce to what looks like random junk, but I can remember it easily. I will say I have a selection of about 5 or 6 that I use for everything, but it's still more secure than using common information.
     
  10. samiwas Suspended

    Joined:
    Aug 26, 2006
    Location:
    Atlanta, GA
    #10
    Outside of my banking, I can't think of anything that I need to worry about security that much.
     
  11. Melrose Suspended

    Melrose

    Joined:
    Dec 12, 2007
    #11
    ...that's exactly my case too. I should say I use secure passwords for most things, simply because even sites like Fiverr are connected to my money and/or business. I have much simpler passwords I use for stuff like that's not associated with finances.
     
  12. ejb190 macrumors 65816

    ejb190

    #12
    I do something similar but I use song lyrics. For instance "Happy Birthday" would become something like Hbd2u.Hbd2u! And the song always relates back to the question. First Car? Use Little Duce Coupe by the Beach Boys or Love Shack by the B-52's (I got me a Chrysler, it seats about 20, So hurry up and bring your jukebox money). Pretty much unguessable.
     
  13. Melrose Suspended

    Melrose

    Joined:
    Dec 12, 2007
    #13
    I do the same thing, except I sub out letters for numbers, e=3, s=5, and vice versa. Double letters get swapped and the double turns into a 2. bottle, for example, becomes B0t2l3. Simple words like at and and get changed for symbols as well. Starting and ending letters get capped. I also bracket it in a special character, usually asterisks. It sounds complicated but I've been doing it for years and it helps me remember complicated strings easily and keeps my private stuff private.

    A long enough string and it looks like utter balderdash but I can read it pretty easily. "*4S+5y40f2b40tC*" is the opening line of the Gettysburg Address. :)
     
  14. samiwas Suspended

    Joined:
    Aug 26, 2006
    Location:
    Atlanta, GA
    #14
    A museum I was working in used this kind of thing for their wifi password. Except it wasn't just one or two words. It was something like "TheGrandRapidsArtMuseumWirelessInternetAccess", except it was all in numbers and symbols and lower case Ls for I's and all that. It freaking SUCKED to type it, especially on the iPhone.
     
  15. Melrose Suspended

    Melrose

    Joined:
    Dec 12, 2007
    #15
    ...yes, that is the downside. But 1Password is free, so that helps. :)
     
  16. LIVEFRMNYC macrumors 604

    Joined:
    Oct 27, 2009
    #16
    I use the same answer for every security question and in CAPS.

    Foe example: It's easier to put something ridiculous like "PAPERGOAT" as the answer for every single question.
     
  17. sk1wbw Suspended

    sk1wbw

    Joined:
    May 28, 2011
    Location:
    Williamsburg, Virginia
    #17
    If passwords were nullified and everyone switched to those awful "capchas" or whatever those things are called, I'd be royally screwed. I've never ever been able to get those right.
     
  18. Roller macrumors 68020

    Joined:
    Jun 25, 2003
    #18
    Security questions were originally designed to be convenient, hence the ubiquitous "What was your mother's maiden name?" query. But it eventually became obvious that the responses were easy to find using search engines. It's probably safest to treat them like another set of passwords, though it may be difficult to remember them if you're trying to reset your password by talking to a customer rep over the phone.

    Frankly, I wish that two factor authentication were more widely available, at least as an option.
     
  19. LostSoul80 macrumors 68020

    LostSoul80

    Joined:
    Jan 25, 2009
    #19
    Better stick with a password. Too bad for people that can't come up with a decent one.
     
  20. Liberty. macrumors 6502

    Joined:
    Sep 13, 2008
    #20
    Problem is no one came up with a better idea yet.
     
  21. mtneer macrumors 68020

    mtneer

    Joined:
    Sep 15, 2012
    #21


    That is if you choose to answer correctly. I always choose the common questions used across many sites so I can remember the connection. For example, when're I get the pet question I put in the name of the kid I didn't like in all my years of high school. I will not forget that connection and I surely won't forget that guys name. And those associations are not known to anyone but me.
     

Share This Page