How I Do Security Questions
Security questions like 'what is your mother's maiden name?' are so fucking bad. Here's what I do to make them slightly more secure.
Whenever I get forced to add a "security" question to an online account, I immediately begin to rage. The reason is that they add very little in terms of security, as the answers are often out there in the ether, thanks to our pervasive need to share too much on social media. Plus, unlike passwords, these answers are usually stored in plaintext. So any sausage with access to the database, be it legitimate or malicious, can see all your answers.
Brilliant.
So instead of entering my Mum's actual maiden name, I'll generate a random dictionary string using my password manager or an online tool, and I save those answers in said password manager so I can refer to them later.
For example, my answer to "what is your Mum's maiden name?" may be laziness-scribing-sprang8.
For another site with the same requirement, it might be commute4-juniper-unhinge. Due to being random and unique per site, it's far more secure.
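One way to generate answers in this shape locally instead of with an online tool, as an added example that is not the author's code. The word list is a constructed sample, and the function names and site names are made up for illustration.

```python
import math
import secrets

# Constructed sample list so the block runs offline. It is far too small for
# real answers; load a large list (e.g. the 7776-word EFF long list) instead.
SAMPLE_WORDS = [
    "anchor", "biscuit", "cobweb", "drizzle", "ember", "fidget", "gravel",
    "hammock", "igloo", "jigsaw", "kettle", "lantern", "mitten", "nutmeg",
    "orchard", "pebble",
]


def words_from_file(path):
    """Read one word per line; also accepts diceware lines like '11111<TAB>abacus'."""
    words = set()
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            fields = line.split()
            # Keep purely alphabetic words so '-' and digits stay unambiguous.
            if fields and fields[-1].isalpha():
                words.add(fields[-1].lower())
    return sorted(words)


def generate_answer(words, n_words=3):
    """Return e.g. 'word-word7-word', drawn from the OS CSPRNG via secrets."""
    picked = [secrets.choice(words) for _ in range(n_words)]
    # Append one random digit to one randomly chosen word.
    picked[secrets.randbelow(n_words)] += str(secrets.randbelow(10))
    return "-".join(picked)


def entropy_bits(word_count, n_words=3):
    """Guessing entropy when the attacker knows the scheme and the word list."""
    return n_words * math.log2(word_count) + math.log2(n_words) + math.log2(10)


if __name__ == "__main__":
    for site in ("site-a.example", "site-b.example"):  # placeholder site names
        print(site, generate_answer(SAMPLE_WORDS))
    print(f"sample list: {entropy_bits(len(SAMPLE_WORDS)):.1f} bits")
    print(f"7776-word list: {entropy_bits(7776):.1f} bits")
```

Generate a fresh answer for every site and store it in that site's password manager entry, since nothing here can be re-derived later.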
So when the stupid site that's forcing me to answer a "security" question gets popped, I don't have a load of legit personal info out there on the web for any Tom, Dick, or script-kiddie to pick up.
Same thing goes for sites that force me to enter a memorable word (because they're too fucking lazy to implement a proper MFA mechanism).
Simple, ey?