I have really been focusing a considerable amount of energy on security lately. I have been looking at some of our conventional wisdom and trying to decide how it fits in with our current world. Is it still relevant or does it needs some to be updated.
That brings me to the topic of tonight’s post, the secret question. The secret question is the one that many of your more important services will ask you to supply an answer to so they can verify who you are. The most common question is what your mother’s maiden name is. They will also ask things like, where were you born, what is your dad’s middle name, what was your high school mascot, and many more just like that. The problem with these types of questions is they are easy for someone to socially engineer out of you.
My philosophy is this. Questions that have real answers are easier to answer than questions that don’t have real answers. When you are asked for your mother’s maiden name, pick a word or name or even a series of alphanumeric characters to supply as your answer. Don’t use your mother’s real maiden name. It is easy for someone to find out your mother’s maiden name. Hell, she might even tell them if they ask nice enough. They won’t be able to find out her maiden name is $fop()5tHg.
About Jason
[...] is a perfect example of the problem I blogged about back in January with using real information for your security questions. If Sarah Palin had not used real information when answering the Yahoo email security questions her [...]