Well this article is about 15 years late.
When asked, my mother’s maiden name is “0nzoIHUzdTMu2YDz”.
Always encrypt your mother
By wrapping standard bank security questions, like your mother’s maiden name, your first pet, or the street you grew up on
These questions have made me wonder ever since I first saw them. So I want to ask you all:
Do you take them for serious?
It seems a cultural difference maybe, but I could never remember what I have answered to one of them. I don’t even know the true answers to most of them, and if I know it, then I would still not want my bank to know it.
The only way where this kind “security” makes sense to me is when I can freely type in both the question and the answer. Then I choose a question that does not make sense to most other people, only to me personally, and then I won’t ever forget the answer.
As long as you can choose the answer, you can also choose what the question really is. You can just decide that questions about your mum’s maiden name are actually asking you about the last name of the doctor that delivered your first born.
Or, better yet don’t tie security to personal or externally verifiable information about yourself. In the one or two cases, in recent years, where I’ve had to fill out such (in)security questions, I’ve just treated them as additional password fields, where I just create additional fields for them in my password manager, and generate long, random responses as their correct answers. Why yes, my mother’s maiden name is Correct7Horse@Battery!Staple, why do you ask?
I once did that, and had to spell out a 32 character alphanumeric password with special characters over the phone lol
You had to share your password over the phone? That’s asinine. And you say it was your bank, and a major one, to boot? Wow. If that’s their approach to security, I’d tell them they can just look up my password in their database, which I’d assume to be in plaintext too (and to actually just be a really big Excel sheet).
Anyway, regardless, you need some passphrases in your life! So much easier to deal with, if you ever have to share it out loud, and more importantly, a whole lot easier for you to parse and manually type, on the occasions where it can’t be auto-filled. As I said before, Correct Horse Battery Staple! :)
Sorry, it was a security question, not a password, my bad!
And yes, I have since been enlightened about the church of the correct horse battery staple
password […] over the phone
Please tell us the name of that bank, so we can avoid it.
Biggest credit union in Canada
additional password fields, where I just create additional fields for them in my password manager, and generate long, random responses
Such hassle…
I guess it means yes, you take that stuff for serious.A hassle, huh?
Security questions are an idiotic type of “security”, so of course I never enable them if they’re optional, which they almost always are. As I said, I can count on half a hand how often I’ve used them in recent years.
Occasionally, though, they can be the least bad two-factor option available on a service that either requires 2FA or which makes itself, indeed, a hassle to use when you don’t have any 2FA enabled, such as by throwing captchas at you up the wazoo. If such a service only offers 2FA by email, text message or security questions, then hell yeah, I’ll take the latter option any day of the week. Needing an emailed link or code to log in, now that’s a hassle. Same deal with text messages, but with the additional benefit of them being insecure as hell. You know what’s not a hassle, though? Having one extra field auto-filled by your password manager. That’s the hassle-free option.
As for taking things seriously or not - are you really trying to tell me that you don’t have anything that’s important enough to care about keeping secure? And if not, why would you not care about keeping anything that’s important secure? Especially when it’s so easy, and indeed, hassle-free, to have that security fully automated and handled by your password manager. If your gut reaction to security is that it’s a hassle, then I’m sorry to say that you most likely have both poor security, and unnecessarily difficult or annoying-to-use security, too. Do you subject yourself to the mental load of having to remember all of your hundreds of passwords in your head? Talk about a hassle. Or do you just use the same password for everything? Now that would be a hassle, to have not just one random account somewhere compromised, but to have all of your accounts, everywhere at once, compromised.
Big tech companies don’t accept security questions to log into email. Like you log in correctly, they do the security questions, make you answer them correctly, then still don’t let you in unless you link a phone number, even if you never gave them one and never agreed to.
Did people not know this? I feel like we collectively went through it with the boomers at least twice in the past 20 years.
I always thought security questions were dangerous, but I did in fact not know that quizzes that exploit them exist in the wild.
Yeah this has been a joke for a looong time.
So is LinkedIn but nobody cares.
Overly dramatic headline of the day
Like thats always been the thing for those






