A recent article by CBC News suggests that if you give fake answers to the security questions on websites you may, in fact, be less secure than if you used real answers. Well, that immediately got my attention because yes, I use fake security answers.
What’s The Problem?
The problem, according to the CBC article, is the following:
“answers such as “Don’t have one” or “I don’t know” were particularly ineffective. Because of the problem with fake answers, the study found that a clever attacker could guess 4.2 per cent of English-speaking users’ answers to the question “Frequent flyer number?” with a single guess.”
So wait a minute, the problem is not using fake security answers, but using weak and easily guessable fake security answers. In my mind this is a different issue, and it is the same issue as people using easily guessable passwords.
Here’s what I do. When asked for security answers, I make up crazy answers, things that are improbable or just plain stupid. If the question is “Who was your first high school teacher?”, then I might put something like “Mrs Doubtfire”. This is an answer that definitely doesn’t tie to me, and even if you knew something about me you would be unlikely to guess it.
I store these answers in a secure way (no, I’m not going to tell you how I do that) so that when I need them they are available to me to answer the security questions.
Here’s the deal: if you’re asked for your Frequent Flyer number, like in the quote above, don’t put “12345678”; that’s easily guessable. Instead put “54763298” and keep that somewhere, maybe in a note file on your phone, so that it is available and you can refer back to it when you need it.
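A small Python sketch of the point above, added here as an illustration and not the author's own system: it measures how much of a constructed sample of answers the single most common answer covers, and generates answers with a cryptographic random source instead. The sample answers, the word list and all function names are made up for this example.

```python
import secrets
from collections import Counter

# Constructed sample of answers to "Frequent flyer number?" (not real data).
SAMPLE_ANSWERS = [
    "I don't know", "Don't have one", "12345678", "I don't know", "none",
    "I don't know", "48210577", "Don't have one", "n/a", "90316245",
]
# Constructed word list; a real one should hold thousands of words.
WORDS = ["copper", "lantern", "walrus", "pickle", "orbit", "velvet", "tundra", "bagel"]


def normalize(answer):
    """Lower-case and drop punctuation/spaces, as a lenient site might compare."""
    return "".join(ch for ch in answer.lower() if ch.isalnum())


def single_guess_share(answers):
    """Return (most common answer, fraction of users who chose it)."""
    counts = Counter(normalize(a) for a in answers)
    answer, hits = counts.most_common(1)[0]
    return answer, hits / len(answers)


def is_guessable(answer, population):
    """True if someone in the population already uses this answer."""
    return normalize(answer) in {normalize(a) for a in population}


def random_digits(length=8):
    """Fake numeric answer (e.g. a frequent flyer number) from a CSPRNG."""
    return "".join(secrets.choice("0123456789") for _ in range(length))


def random_phrase(count=4, words=WORDS):
    """Fake text answer built from randomly chosen words."""
    return " ".join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    answer, share = single_guess_share(SAMPLE_ANSWERS)
    print(f"Most common answer {answer!r} covers {share:.0%} of the sample")
    print("Is '12345678' already in use?", is_guessable("12345678", SAMPLE_ANSWERS))
    print("Generated number:", random_digits())
    print("Generated phrase:", random_phrase())
```

Whatever the generator produces still has to be recorded somewhere safe, since a random answer cannot be recalled from memory.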
It’s Too Hard!
People keep telling me they have too many passwords and it’s hard to keep track of them so they use the same ones over and over.
No no no!
I have many customers and none of their passwords are the same. You just need a system and then you can easily create fake security answers on the fly and keep track of them.
Spend a little time and create a system, then using it is easy!
Got a better idea? Let me know!