I do, for one. Because otherwise, it defeats the whole purpose of having reminders. Were I to make up a name for a favorite childhood pet (Fluffy, for example), then if I am capable of remembering that made up pet's name, then I must be equally capable of remembering the password the security question is there to remind me of. For the most part, I almost never need those security questions, but it has saved my bacon from time to time on websites that I have not visited in years.
As for the risk, ON NOES, they know my first pet's name! Quelle horreur! Surely, my very existence is now open to their every whim, as they can take that information and... do exactly what with it, go to every website in existence and check to see if they can reverse engineer my account with their one bit of personal data?
Here's a security tip from me to you. If you are truly concerned about this, simply pick a different security question for each site you use, and don't choose questions you used on another site. The fact is, no one, and I mean no one, save for perhaps your own family, is going to go to the effort to look up what your High School mascot was and the name of the street you grew up on. Brute forcing the password, or social engineering (phishing) is actually much easier to use to obtain your password than this is. YOU are more likely to be the source of a password leak than the security question are.
*note: if you are a very public figure (aka famous person) the risk is much higher, and maybe you want to be more circumspect with your security. But for average joes and janes like us, it really doesn't matter. Your security is protected by virtue of being just another face in the endless sea of humanity. You're a piece of hay in the haystack, not a needle.
3 comments:
On the other hand, who in their right mind gives truthful answers to any security question used as a password?
Eric Hines
A man with a poor memory, I suppose.
I do, for one. Because otherwise, it defeats the whole purpose of having reminders. Were I to make up a name for a favorite childhood pet (Fluffy, for example), then if I am capable of remembering that made up pet's name, then I must be equally capable of remembering the password the security question is there to remind me of. For the most part, I almost never need those security questions, but it has saved my bacon from time to time on websites that I have not visited in years.
As for the risk, ON NOES, they know my first pet's name! Quelle horreur! Surely, my very existence is now open to their every whim, as they can take that information and... do exactly what with it, go to every website in existence and check to see if they can reverse engineer my account with their one bit of personal data?
Here's a security tip from me to you. If you are truly concerned about this, simply pick a different security question for each site you use, and don't choose questions you used on another site. The fact is, no one, and I mean no one, save for perhaps your own family, is going to go to the effort to look up what your High School mascot was and the name of the street you grew up on. Brute forcing the password, or social engineering (phishing) is actually much easier to use to obtain your password than this is. YOU are more likely to be the source of a password leak than the security question are.
*note: if you are a very public figure (aka famous person) the risk is much higher, and maybe you want to be more circumspect with your security. But for average joes and janes like us, it really doesn't matter. Your security is protected by virtue of being just another face in the endless sea of humanity. You're a piece of hay in the haystack, not a needle.
Post a Comment