What’s your secret question?
27 September 2008
Making strong and easy to remember passwords is amazingly easy. But what do you do when you’re asked to choose a secret question for an account – something like, “What is your mother’s maiden name?” or “What was the name of your first pet?”
A weak security question and a too easy answer undo the security provided by the best passwords. It is far easier for a marauder to click on the ubiquitous “Forgot your password?” link and guess your favorite high school teacher’s name (perhaps aided by a list of high school teachers at the school you attended, information that is not as hard to get as you might wish) than it is to guess a strong password.
As comforting as it is to have a backup in case you lose your password, the security risk isn’t worth it. There are better ways to avoid forgetting your passwords. Unfortunately, many sites won’t let you avoid using a secret question, so you need to enter something. My advice is to choose any question you like, but enter gibberish for the answer. Something like “dlfkjsldfj fosiuxclewoifu oisfu” would suffice.
To avoid forgetting your passwords, store them in Password Safe, a simple, lightweight program that can help you create and manage all of your passwords. Keep one copy of the database file on your computer and email a backup copy to your email address every time you update it. You’ll never forget your passwords and you’ll never have to rely on the backup security questions. As a bonus, you’ll be more likely to update your passwords every three months when you realize how easy it is to store them.
Read more about passwords
Pingback by What’s your secret question? (Part 2) | Defending The Kingdom: Security and Privacy in Your Digital Life — 14 October 2008 @ 4:44 am
[…] What’s your secret question? (Part 2) […]