May 29 2011

Sometimes Secret Questions Aren’t So Secret

When you are signing up for an account on a website or a new service you are prompted for a whole stack of information which may include items such as:

  • your name,
  • e-mail address,
  • password,
  • date of birth,
  • postal address information,
  • gender.

In additional to the above, you may be asked to select a secret question and provide an answer just in case you need to reset or retrieve your password in the future. Otherwise, you might be asked to provide your own secret question and answer instead of being forced to choose a question from a list. The problem with this approach is if you do provide an honest answer to the question you may expose yourself to an attack if the answer is known by other people, can be guessed or found through social networking sites.

So one remedy that you can try is to use an answer to a secret question that has nothing to do with the question but is something that you will remember. For instance, instead of responding with your mother’s maiden name you could try using your favourite food or a funny phrase or something else that is easy for you to remember but obscure enough for others not to be able to guess or find out from other sources.

This might be more useful for sites that only allow you the choice of a small number of questions rather than letting you choose your own ones but can still be useful in throwing people off the right answer by using something completely different.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>