Algorithms for dumb security questions
November 18, 2007 11:09 AM

 
From the comments:



If anyone wants to hack into my accounts, my Mother's Maiden Name, my first pet, my favourite teacher and my place of birth are usually "ohfuckoff".

Which was embarrassing the time I had to phone my credit union...

Posted by Rod Begbie | November 15, 2007 12:56 PM



Awesome. That'd be worth doing for the amusing reaction on the other end of the phone for me... :)
posted by Brockles at 11:15 AM on November 18, 2007 [1 favorite]


After reading through the link, it's occurred to me that there is no solution to this. No matter how one tries to solve the whole combating identity theft thing, there will be somebody, somewhere, responding negatively in a snarky way that engenders nervous giggles and the occasional guffaw from likeminded individuals.

I find comfort in that.
posted by ZachsMind at 11:27 AM on November 18, 2007


I really hate these. My old bank switched over to a system like this a couple of months before I moved away. Favorite sports team? You're a fucking local credit union, there's only 4 options, plus a couple of colleges, that'll cover 90% of your clients. Good thinking there.
posted by shadow vector at 11:29 AM on November 18, 2007


It pisses me off when people don't believe that my mother's maiden name actually is sfdjlfkjshlgfslkjdflhjgljk. Bastards.
posted by Foci for Analysis at 11:40 AM on November 18, 2007 [2 favorites]


Wouldn't this guy's method have the same problem as using the same password for every site? (i.e., the admin of any site will be able to guess the answer for every other site)

Hm.. I guess you could combine it with a passwordlet...
posted by you at 11:47 AM on November 18, 2007


If I ever got the question, "what's your favorite sports team" I wouldn't have an answer. I couldn't make up an answer that I would remember later. Honestly. For me that's like the worst possible security question they could ever ask.
posted by ZachsMind at 11:58 AM on November 18, 2007


Wouldn't this guy's method have the same problem as using the same password for every site? (i.e., the admin of any site will be able to guess the answer for every other site)

Not if they're encrypting the password so that it's not readable by the admins.
posted by chrismear at 12:17 PM on November 18, 2007


Which, admittedly, there is an outside chance they're not doing.
posted by chrismear at 12:18 PM on November 18, 2007


It really is all about protecting stupid people from themselves. Where I work, (and I'm sure where you work) any password can be found by looking for the post-it note. In addition most people tend to use the HR (payroll) site as their home page, so we had to add a 2nd password in order to see any personal info on the site.
posted by Gungho at 12:27 PM on November 18, 2007


StupidQuestion SnarkyComment Booyah
posted by limon at 2:00 PM on November 18, 2007 [2 favorites]


I was kind of hoping this would tell me what happens if you answer "no" to "did you pack this bag yourself?"
posted by sfenders at 2:11 PM on November 18, 2007


That "passwordlet" link in you's comment is a link to a Google search that just points at my Passwdlet. Which wouldn't really solve this problem since it inserts the generated password only in password fields and fields named "password". But you could use my Password generator form to encrypt your answer.
posted by nicwolff at 2:11 PM on November 18, 2007 [2 favorites]


you are supposed to write your password on the underside of the keyboard, not on post-its.
posted by lemuel at 4:56 PM on November 18, 2007 [1 favorite]


sfenders - in my experience, it leads to a small room, a *very* thorough search of the bag, your other bags, and your person, and a stern warning to Not Do That Again...

of course, this did happen to be the time I was carrying a pack full of little summer dresses and similar chick clothes for the friend I was meeting overseas at the time... "seriously, that's not my dress... I *told* you I didn't pack this bag myself"...
posted by russm at 5:49 PM on November 18, 2007 [1 favorite]


Computer security is often counter-intuitive. Noted security expert Bruce Schneier (author of the software cryptography bible, Applied Cryptography) recommends you write down your password. Why? Remembering many complex passwords is difficult, but "we're all good at securing small pieces of paper" on our person: we carry cash.
posted by sdodd at 7:35 PM on November 18, 2007 [1 favorite]


I always thought "mother's maiden name" was culturally insensitive. As someone with a Latin American surname my mother's maiden name is part of my last name - it is there on every piece of ID I have. It is my name.

In other words, if Gabriel Garcia Marquez were asked this question, he would answer "Garcia." Great security there....
posted by vacapinta at 10:01 PM on November 18, 2007 [1 favorite]


(..oops, meant he would write "Marquez"..)
posted by vacapinta at 10:02 PM on November 18, 2007


When they ask for your Mother's Maiden Name, that's just a password. You don't need to use the actual name. Me, I like the idea of always using "ZANGIEF".

Yes, that Zangief.
posted by Eideteker at 5:47 AM on November 19, 2007 [2 favorites]


Yeah, but of course the problem is if you just make something up, you'll probably forget it because unlike a password you don't use it all the time and you forget it.

Whatever happened to just letting people pose their own security questions? And then there is the issue of people picking obvious things.

When I was in high school one of my fellow students' email address was "JesusIsRad@hotmail.com" (slightly changed in case he's still using it). His password? That's right, Jesus.
posted by delmoi at 11:40 AM on November 19, 2007

