Tech Made Simple

Hot Topics: How to Spot a Fake Review | Back-School Tech & Tips | The Best Android Tablet | What's Draining Your Android Battery?

Use It

author photo

Why You Should Lie When Setting Up Password Security Questions

by on March 08, 2013
in Privacy, Computers and Software, Computer Safety & Support, Tips & How-Tos, Shopping, Tech 101 :: 5 comments

When you set up a new online account the website often will ask you to answer security questions so if the company needs to verify your identity, you can input the right answer to prove you’re you. For example, these probably sound familiar: “What is your mother’s maiden name?” or “In what city were you born?”

No doubt you’ve answered these kinds of online security questions, but really, there’s nothing secure about such generic queries. That’s because someone who wants access to your account could easily do some Internet research to dig up the answers.

So, what’s the best way to keep bad guys from finding out (or guessing) your security question answers?

According to Adam Levin, chairman and founder of IDentity Theft 911, your best bet is to lie, especially on websites that only offer generic security questions and don’t let you customize your own questions.

But what’s the best way to remember your false answers?

“You could put a schedule of security questions and lies on a password protected, encrypted thumb drive,” Levin says. “Just don't forget the password that unlocks the thumb drive and don't lose [it].”

mSecureAnother idea: A password manager to hold your strong passwords. I have an app called MSecure ($9.99 on Google Play) on my smartphone that would work to store false answers. The app doesn’t care what kinds of accounts and information I put in there, so I might create an entry titled “Security Question False Answer #1,” and so on, for as many bogus answers I need to remember.

An even better option, and one that many websites offer, is to create your own custom questions.

“The overriding principle is to think in terms of facts that are unique to you—things that you have not posted on your Facebook page, or shared with others by way of quizzes on social media sites,” Levin says. “In life there are certain significant private moments that represent a milestone or warm memory that serve as a security question that will mean something to you but nothing to a prospective identity thief.”

If you think about it, coming up with these unique questions and answers simply takes a stroll down memory lane. For example, I might use the question, “What chore did you have to do every day after school?” Almost no one would ever guess my true answer: Milk goats. Other ideas I could come up for myself: “Who was the most impossible person with whom to have a sleepover in a tent when you were 15?” Answer: Brenda (she was crabby at 2 a.m.). Another: “What memorable food did you cook during summer school when you were 6?” Answer: Pancakes.

“The point is that you want to have an extremely limited universe of people who would have any knowledge of things, events, or people that are special to you,” Levin says. “Your age, that of your children, your birth date, your mother's maiden name, your favorite color, your first pet's name, your engagement or wedding dates have the potential for too much exposure.”

Another way you can keep strangers from finding out your personal information is to not make it public.

“The best way to keep security answers safe from malefactors is to not post thoughts, events, or facts on social media sites either on your wall, that of another, or participate in an quiz. Your life will not be diminished by not responding to questions posed on those websites,” Levin says.
 

Subscribe to the Techlicious Daily Email!

Get the Techlicious Guide to Great Photography as your FREE gift!

Discussion loading

gravatar

internet security

From Robert Abramson on March 08, 2013 :: 12:06 pm

If anyone thinks there is such a thing as internet security they are kidding themself. Billions of dollars are stolen on a regular basis and nothing is done about it. Passwords and captuas are mind games for geeks to screw with people . Google,Microsoft , etc.,etc., can suck anything they want out of your computer. It’s safer to tell your neighborhood gossip information than put it on the internet.

Reply

gravatar

Lie about account password

From Squirrel on March 08, 2013 :: 2:24 pm

You know I actually laughed after reading this article,not because its funny-but I think its ironic, basically all the best paddlock sites,all ask the same questions to get to your password-that to me is the funny part.And I actually do lie in a certain way to protect my “real” passwords.
Love the article thou,keep them coming!

Reply

gravatar

Password vault solutions

From Jeffrey Deutsch on March 08, 2013 :: 2:36 pm

Thanks for the tips! Yes, it may not occur to people that they can submit false answers with their own security questions.

Judging from the ratings*, mSecure seems like a really good password vault deal even though it’s not even close to free.

I go with LastPass. Among other things, it (1) works with all major platforms and browsers, (2) synchronizes your data so you can access it anywhere, (3) offers multiple other security options: two-factor authentication, one-time passwords on on-screen (as opposed to keyboard) password typing and (4) even gives you credit report monitoring at no cost. And it’s all free!

(If you do Premium—just $1/month, billed annually—you also get, among other things, [1] support for all major mobile platforms [even Symbian!], [2] priority support and [3] no ads.)

Btw, I don’t work for them…I’m just a highly-satisfied Premium customer.

[*] Average rating c 4.6 over 4,440 raters; > 3/4 of raters gave it five stars and > 9/10 of raters gave it four or five stars.

PS: When I took too long to finish this comment, the captcha word changed and of course the change didn’t show. So when I hit Submit, it rejected my comment. More to the point, it also deleted said comment so I had to start over. Is there anything you can do about that?

Jeff Deutsch

Reply

avatar

Thanks for the heads up

From Josh Kirschner on March 08, 2013 :: 3:46 pm

We updated the article with the correct pricing for mSecure - thanks for pointing out that error!

Unfortunately, there’s not much we can do about the captcha settings. But if you comment using your Facebook login (if that’s an option for you), you won’t need to deal with the captchas.

Thanks!
Josh

Reply

gravatar

Thanks for your response Josh

From Jeffrey Deutsch on March 08, 2013 :: 3:56 pm

Hello Josh,

Thank you for the heads-up about logging in with Facebook.

Note that the problem I’m referring to has several different parts, including but not limited to the captcha. If you could do what some sites do—namely keep the entries in the boxes in case someone has to leave the page and the return—that would be fine by me.

In any case, keep up the good work Josh!

Jeff Deutsch

PS: I know another workaround would be to copy the comment to my Clipboard right before submitting. I don’t always remember to do that, though.

Reply

© 2014 Techlicious LLC. :: Home | About | Meet the Team | Sponsorship Opportunities | Newsletter Archive | Contact Us :: Terms of Use | Privacy Policy

site design: Juxtaprose