How do you answer Secret Questions for password resets?

Posted in security

Slashdot just highlighted a short story about a study that determined “Secret Questions” are weak security mechanisms because they’re quite easily guessed. Is this only obvious to me? When the questions are something to the tune of “What is your mother’s maiden name?”, “What is your favorite color?”, and “What is your father’s middle name?”, two out of the three are easily discovered with a little research. The remaining one has only so many possibilities, especially when people answer it in a way that they expect to recall in the future. While you’re at it, you could put a post-it note on your front door that says, “which secret rock is the spare key hidden under”.

News Flash!!!

You can supply any answer you want!

All you have to do is remember what answers you use for each question. It helps if you think about it backwards. Given the answers you supply, can you think of the question? If you can, then someone can easily reset your password.

My suggestion is to come up with a system that makes sense to you. If it asks for your favorite pet’s name, maybe the answer could be “nail biting” or “chocolate lab”. You just have to remember how you translated the secret question. I guess that would be the “something you know”, because answering the questions straight up is really something anyone can find out.
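One way to make the “system” described above repeatable, as an added example that is not part of the original post: instead of memorizing a translation per question, derive an unrelated, pronounceable answer from one passphrase plus the site and the question. The function names, syllable alphabet, PBKDF2 work factor and sample values are assumptions made for this illustration.

```python
import hashlib
import unicodedata

CONSONANTS = "bdfghjklmnprstvz"  # 16 choices
VOWELS = "aeio"                  # 4 choices, so 64 syllables at 6 bits each
ITERATIONS = 200_000             # assumed work factor; slows guessing of the passphrase


def normalize(text: str) -> str:
    """Fold case, punctuation and spacing so a slightly reworded prompt still matches."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return " ".join("".join(c if c.isalnum() else " " for c in folded).split())


def derive_answer(passphrase: str, site: str, question: str, words: int = 3) -> str:
    """Return an answer that has nothing to do with the question's real answer."""
    # Site and question act as the salt, so every prompt gets its own answer.
    salt = (normalize(site) + "\x00" + normalize(question)).encode("utf-8")
    key = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, ITERATIONS, dklen=words * 3
    )
    # Each byte picks one of 64 syllables; 256 is a multiple of 64, so no bias.
    syllables = [CONSONANTS[(b % 64) // 4] + VOWELS[b % 4] for b in key]
    # Three syllables per word: 18 bits per word, 54 bits for the default answer.
    return " ".join("".join(syllables[i:i + 3]) for i in range(0, len(syllables), 3))


if __name__ == "__main__":
    # Constructed sample values; a real passphrase would be typed in, never stored.
    demo_passphrase = "constructed demo passphrase"
    for q in ("What is your mother's maiden name?", "What is your favorite color?"):
        print(q, "->", derive_answer(demo_passphrase, "example.com", q))
```

Because the site name is part of the derivation, an answer exposed by one site says nothing about the answer used anywhere else.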

Posted by admica   @   19 May 2009
