Security Questions Are Stupid

Discussion in 'Community Discussion' started by Radiating, Sep 26, 2014.

  1. Radiating macrumors 65816

    Dec 29, 2011
    Just a little rant. Let me give you an example:

    Where were you on January 1st, 2000?

    South Beach

    South Beach Miami

    South Beach, Miami

    South Beach Miami Florida

    South Beach, Miami Florida

    South Beach Miami, Florida

    South Beach, Miami, Florida


    Miami Florida

    Miami, Florida


    What was your first job?



    Merchandise Specialist



    merchandise specialist

    Crate & Barrel

    Crate and Barrel

    Crate & Barrel & Co.

    Crate & Barrel & Co

    Crate & Barrel, & Co.

    Crate & Barrel, & Co

    Crate and Barrel and Company

    Crate and Barrel, and Company

    Crate and Barrel and Company, LLC

    Crate and Barrel, and Company, LLC

    That's a total of 154 different ways to answer those questions correctly.

    This is literally the worst possible way to solve this problem.

    Jim: "Hey Bob, this whole passwords being stolen thing is a problem."

    Bob: "Sure is! Hey I have a great idea, what if we made a second secret password?"

    Jim: "That's a great idea! So if the main password is compromised, nothing will happen?"

    Bob: "Exactly, except for this password lets have it be in the form of an answer to a question. So that way the user won't even remember exactly what it is"

    Jim: "A non-specific password?"

    Bob: "There's nothing more secure than a password can't even be used 99% of the time even when you know it."
  2. MathBunny123 macrumors regular

    Oct 19, 2012
    Toronto, Canada | Sibiu, Romania
    I agree with you...I also dislike the idea of verifying your login.
  3. Astroboy907 macrumors 65816


    May 6, 2012
    Spaceball One
    Like the emails you get after registering for an account? Those are awful! :D
  4. samiwas macrumors 68000

    Aug 26, 2006
    Atlanta, GA
    I have no idea what this thread is about? Are you upset because someone could easily come up with the answers to your questions?

    That's why I always choose "what was the name of your first pet". No one is guessing that one. And even with "Where were you on whatever date", what are the chances that someone else is going to know the answer to that? I just don't understand what the beef is here.
  5. velocityg4 macrumors 601


    Dec 19, 2004
    The much worse logging into a site you visit regularly but on a different computer, at a different location or just after cleaning the cache. Even if you get the username and password correct on the first try. They require a confirmation from a text message, email or security question.
  6. 556fmjoe macrumors 65816


    Apr 19, 2014
    No, answering them truthfully is stupid. I just use another random password that has nothing to do with the question. It's much easier to remember.


    No, it's that you could have the correct answer in mind, but there are a hundred ways you could have typed it in. It's maddening to have to remember if you said your first car was a Volkswagen, VW, Jetta, VW Jetta, Volkswagen Jetta, Volkswagon Jetta, Jetta TDI, VW Jetta TDI, Volkswagen Jetta TDI, Diesel Jetta, etc.
  7. Astroboy907 macrumors 65816


    May 6, 2012
    Spaceball One
    Well, no one except for family and close friends, maybe your vet, etc :D


    This made my day, so much simpler. Why didn't I think of this! :rolleyes:
  8. macmacguy macrumors regular

    Sep 25, 2014
    You still need to remember the question though :D
  9. Melrose Suspended


    Dec 12, 2007
    If you treat security questions as additional high strength passwords, you'll do better. Using common information that anyone can find on your Facebook page is right up there with the 2 lonely IQ points of Jennifer Lawrence.

    Instead of Miami Florida, put "&nan23#BFm):3n", and instead of C&B put "wH*b38f7q&$b98b!"... bingo. High security.

    I use encoded phrasing for my passwords. I have multiple phrase lifted from Shakespeare, Göethe, etc, that I reduce to what looks like random junk, but I can remember it easily. I will say I have a selection of about 5 or 6 that I use for everything, but it's still more secure than using common information.
  10. samiwas macrumors 68000

    Aug 26, 2006
    Atlanta, GA
    Outside of my banking, I can't think of anything that I need to worry about security that much.
  11. Melrose Suspended


    Dec 12, 2007
    ...that's exactly my case too. I should say I use secure passwords for most things, simply because even sites like Fiverr are connected to my money and/or business. I have much simpler passwords I use for stuff like that's not associated with finances.
  12. ejb190 macrumors 65816


    I do something similar but I use song lyrics. For instance "Happy Birthday" would become something like Hbd2u.Hbd2u! And the song always relates back to the question. First Car? Use Little Duce Coupe by the Beach Boys or Love Shack by the B-52's (I got me a Chrysler, it seats about 20, So hurry up and bring your jukebox money). Pretty much unguessable.
  13. Melrose Suspended


    Dec 12, 2007
    I do the same thing, except I sub out letters for numbers, e=3, s=5, and vice versa. Double letters get swapped and the double turns into a 2. bottle, for example, becomes B0t2l3. Simple words like at and and get changed for symbols as well. Starting and ending letters get capped. I also bracket it in a special character, usually asterisks. It sounds complicated but I've been doing it for years and it helps me remember complicated strings easily and keeps my private stuff private.

    A long enough string and it looks like utter balderdash but I can read it pretty easily. "*4S+5y40f2b40tC*" is the opening line of the Gettysburg Address. :)
  14. samiwas macrumors 68000

    Aug 26, 2006
    Atlanta, GA
    A museum I was working in used this kind of thing for their wifi password. Except it wasn't just one or two words. It was something like "TheGrandRapidsArtMuseumWirelessInternetAccess", except it was all in numbers and symbols and lower case Ls for I's and all that. It freaking SUCKED to type it, especially on the iPhone.
  15. Melrose Suspended


    Dec 12, 2007
    ...yes, that is the downside. But 1Password is free, so that helps. :)
  16. LIVEFRMNYC macrumors 604

    Oct 27, 2009
    I use the same answer for every security question and in CAPS.

    Foe example: It's easier to put something ridiculous like "PAPERGOAT" as the answer for every single question.
  17. sk1wbw Suspended


    May 28, 2011
    Williamsburg, Virginia
    If passwords were nullified and everyone switched to those awful "capchas" or whatever those things are called, I'd be royally screwed. I've never ever been able to get those right.
  18. Roller macrumors 68020

    Jun 25, 2003
    Security questions were originally designed to be convenient, hence the ubiquitous "What was your mother's maiden name?" query. But it eventually became obvious that the responses were easy to find using search engines. It's probably safest to treat them like another set of passwords, though it may be difficult to remember them if you're trying to reset your password by talking to a customer rep over the phone.

    Frankly, I wish that two factor authentication were more widely available, at least as an option.
  19. LostSoul80 macrumors 68020


    Jan 25, 2009
    Better stick with a password. Too bad for people that can't come up with a decent one.
  20. Liberty. macrumors 6502

    Sep 13, 2008
    Problem is no one came up with a better idea yet.
  21. mtneer macrumors 68030


    Sep 15, 2012

    That is if you choose to answer correctly. I always choose the common questions used across many sites so I can remember the connection. For example, when're I get the pet question I put in the name of the kid I didn't like in all my years of high school. I will not forget that connection and I surely won't forget that guys name. And those associations are not known to anyone but me.

Share This Page