How I Do Security Questions
Security questions like "what is your mother's maiden name?" are so fucking bad. Here's what I do to make them slightly more secure.
Whenever I get forced to add a "security" question to an online account, I immediately begin to rage. That's because they add very little in terms of security: the answers are often out there in the ether, thanks to our pervasive need to share too much on social media. Plus, unlike passwords, these answers are usually stored in plaintext. So any sausage with access to the database -- be it legitimate or malicious -- can see all your answers.
Brilliant.
So instead of entering my Mum's actual maiden name, I'll generate a random dictionary string using my password manager or an online tool, and I save those answers in said password manager so I can refer to them later.
For example, my answer to "what is your Mum's maiden name?" may be "laziness-scribing-sprang8".
For another site with the same requirement, it might be "commute4-juniper-unhinge". Due to being random and unique per site, it's far more secure.
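As an added example (not part of the original post, and not how any particular password manager does it), here's one way to generate answers in the same words-plus-one-digit shape using Python's secrets module. The word list is a constructed 32-word sample and the function names are made up for illustration; entropy_bits shows how much the size of the word list matters.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. Use a large
# published list in practice; list size drives the entropy computed below.
WORDS = (
    "anchor biscuit cobalt drizzle ember fathom gravel harbor "
    "indigo juniper kettle lantern mosaic nectar orchid pebble "
    "quiver ripple saddle timber umbra velvet walnut yonder "
    "zephyr bramble cinder dapple fennel glimmer hollow marrow"
).split()


def generate_answer(words=WORDS, n_words=3, sep="-"):
    """Return words joined by sep, with one digit appended to one word."""
    if len(set(words)) != len(words) or len(words) < 2:
        raise ValueError("word list must hold at least two unique words")
    # secrets draws from the OS CSPRNG; random.choice is not suitable here.
    picked = [secrets.choice(words) for _ in range(n_words)]
    slot = secrets.randbelow(n_words)
    picked[slot] += str(secrets.randbelow(10))
    return sep.join(picked)


def entropy_bits(list_size, n_words=3):
    """Bits of entropy: word choices, digit position, digit value."""
    return n_words * math.log2(list_size) + math.log2(n_words) + math.log2(10)


def answers_for_site(questions, words=WORDS):
    """One independent answer per question, ready to save in the manager."""
    return {q: generate_answer(words) for q in questions}


if __name__ == "__main__":
    entries = answers_for_site(["Mother's maiden name?", "Memorable word?"])
    for question, answer in entries.items():
        print(f"{question} -> {answer}")
    print(f"sample list: {entropy_bits(len(WORDS)):.1f} bits")
    print(f"7776-word list: {entropy_bits(7776):.1f} bits")
```

Call answers_for_site once per account so no two sites ever share an answer, and save the output alongside that site's password.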
So when the stupid site that's forcing me to answer a "security" question gets popped, I don't have a load of legit personal info out there on the web for any Tom, Dick, or script-kiddie to pick up.
Same thing goes for sites that force me to enter a memorable word (because they're too fucking lazy to implement a proper MFA mechanism).
Simple, ey?