GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Security questions are actually mostly INSECURE

rowan · 10-03-2009, 12:41 AM

You know those security questions you use to reset your password? Many sites use canned questions like "your pet's name" or "your mother's maiden name" ... if a cracker has access to your email they can probably access other things, how difficult do you think it would be for them to find out that info? Probably not hard at all.

The best way is for the site to allow you to specify the QUESTION as well as the ANSWER, since it allows you to obfuscate it. If your wife named Joan Jill Doe has a mole you could choose something like "mole middle"... and the answer is "jill" (the middle name of someone with a mole). To someone who doesn't know your wife personally the question will make no sense.

Thoughts?

10-03-2009, 12:41 AM
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,393	Security questions are actually mostly INSECURE You know those security questions you use to reset your password? Many sites use canned questions like "your pet's name" or "your mother's maiden name" ... if a cracker has access to your email they can probably access other things, how difficult do you think it would be for them to find out that info? Probably not hard at all. The best way is for the site to allow you to specify the QUESTION as well as the ANSWER, since it allows you to obfuscate it. If your wife named Joan Jill Doe has a mole you could choose something like "mole middle"... and the answer is "jill" (the middle name of someone with a mole). To someone who doesn't know your wife personally the question will make no sense. Thoughts?