I have often blogged about the need to create very strong passwords that are long, not real words, and unique for each website, and to use two factor authentication whenever possible. This is true today more than ever. The internet offers a world of information and capabilities which often lead to the creation of a new account. In addition to setting up a password, you are often asked to select three or more security questions and provide the answers. Common questions are:
In what city were you born?
What is the first name of your best friend?
What was the name of your elementary school.
What was the name of your first pet?
Unfortunately, the answers to these questions can be found or easily guessed, giving hackers the ability to change the wonderful password you created to one of their own choosing. A couple obvious options is to either make up false answers or totally garbage answers, but the problem with that is you may have to remember them yourself if you forget how to access your account.
If you use a password manager such as Dashlane or others, you could use it to remember your answers by placing the answers in the secure notes section, but what if you don’t use a password manager? In that case, there is a simple approach to make your security question answers as safe as your passwords: use an algorithm. Here is an example:
Let’s say the answer to the question what city were you born is San Francisco. You could first strip away the vowels and space, leaving you with SnFrncsc. Then, to make it even better, you could sprinkle one or more numbers where the vowels use to be, such as your birth year. That might leave you with S54nFr54nc54sco if you were born in 1954. And then just for kicks you could put an exclamation mark at the end (assuming that is allowed), leading to the final result S54nFr54nc54sco!
The same approach could be applied to the other security questions:
What is the first name of your best friend: K54n! (Ken)
What was the name of your elementary school: St54v54ns54n! (Stevenson)
What was the name of your first pet: Sh54d54w! (Shadow)
Whatever you do, take the time to secure the answers to your security questions. If you previously created answers, go back and obscure them in the fashion described in this blog.
In what city were you born?
What is the first name of your best friend?
What was the name of your elementary school.
What was the name of your first pet?
Unfortunately, the answers to these questions can be found or easily guessed, giving hackers the ability to change the wonderful password you created to one of their own choosing. A couple obvious options is to either make up false answers or totally garbage answers, but the problem with that is you may have to remember them yourself if you forget how to access your account.
If you use a password manager such as Dashlane or others, you could use it to remember your answers by placing the answers in the secure notes section, but what if you don’t use a password manager? In that case, there is a simple approach to make your security question answers as safe as your passwords: use an algorithm. Here is an example:
Let’s say the answer to the question what city were you born is San Francisco. You could first strip away the vowels and space, leaving you with SnFrncsc. Then, to make it even better, you could sprinkle one or more numbers where the vowels use to be, such as your birth year. That might leave you with S54nFr54nc54sco if you were born in 1954. And then just for kicks you could put an exclamation mark at the end (assuming that is allowed), leading to the final result S54nFr54nc54sco!
The same approach could be applied to the other security questions:
What is the first name of your best friend: K54n! (Ken)
What was the name of your elementary school: St54v54ns54n! (Stevenson)
What was the name of your first pet: Sh54d54w! (Shadow)
Whatever you do, take the time to secure the answers to your security questions. If you previously created answers, go back and obscure them in the fashion described in this blog.
RSS Feed