Secret questions are bullshit.


Seriously. This is not new, but Google at least now has a pretty infographic about it.

The short answer to secret questions is, a) never answer them “for real”, and b) don’t fake them, either. Instead, use them like tertiary password fields. Use either a mnemonic passphrase or, even better, a randomly generated, 16-character-plus strong passphrase. Then write down the questions and answers somewhere safe, like a password vault, in case you need to dig them up again (you will).

It’s not perfect, but until sites stop using this crap, it’s better than nothing.
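One way to generate the answers described above, as an added example that is not part of the original post: each question gets its own random answer of at least 16 characters, collected into a record for the password vault, with an entropy comparison against the mnemonic option. The function names, the `example.com` site and the tiny word list are assumptions made for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols
MIN_LENGTH = 16  # the post's "16-character-plus" floor

# Constructed stand-in word list; a real mnemonic needs thousands of words.
WORDS = ["amber", "basil", "cedar", "delta", "ember", "fjord", "gravel", "harbor",
         "indigo", "juniper", "kettle", "lantern", "marble", "nectar", "onyx", "pebble"]


def random_answer(length=MIN_LENGTH):
    """Random answer drawn from the OS CSPRNG, never shorter than MIN_LENGTH."""
    if length < MIN_LENGTH:
        raise ValueError(f"answer must be at least {MIN_LENGTH} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def mnemonic_answer(n_words=6, words=WORDS):
    """Mnemonic passphrase: n_words chosen independently and uniformly."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Guessing entropy of `picks` independent uniform draws from a pool."""
    return picks * math.log2(pool_size)


def vault_record(site, questions, length=MIN_LENGTH):
    """One vault entry per site: every question gets its own unrelated answer."""
    return {"site": site,
            "answers": {q: random_answer(length) for q in questions}}


if __name__ == "__main__":
    # Constructed sample questions; the answers have nothing to do with them.
    record = vault_record("example.com", ["Mother's maiden name?", "First pet?"])
    for question, answer in record["answers"].items():
        print(f"{question} -> {answer}")
    print("mnemonic:", mnemonic_answer())
    print(f"random 16 chars: {entropy_bits(len(ALPHABET), 16):.0f} bits")
    print(f"6 words of {len(WORDS)}: {entropy_bits(len(WORDS), 6):.0f} bits")
```

The entropy figures show why the random form is the stronger of the two options: a mnemonic only approaches it when the word list is large and the words are picked by the generator rather than by you.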

2017-11-16T11:21:12+00:00 | 21st July, 2015 | Tags: infosec

One Comment

  1. yellingintothevoid 21st July, 2015 at 12:03 am

    I like secret questions where you can make your own, because then I use questions and answers pertaining to private RP,…
