Security questions

Whenever I get forced to add a "security" question to an online account, I immediately begin to rage. The reason being is that they add very little in terms of security, as the answers are often out there in the ether, thanks to our pervasive need to share too much on social media.

Years ago I heard the suggestion to obfuscate security questions. I’ve followed it ever since. Security questions are so insipidly stupid and unsafe.

So instead of entering my Mum's actual maiden name, I'll generate a random dictionary string using my password manager, or an online tool and I save those answers in said password manager, so I can refer to them later.

I’ve followed mostly the same pattern. I write down security answers that have absolutey no basis in my life, and add those to my password manager.

Often the answers I write are nonsensical statements that I could recall say the phone to a customer support rep if needed.

My plea to anyone listening is to stop answering security questions with anything that’s true. It’s opening yourself up to getting phished, hacked, or whatever else we call it these days.

Via Kev Quirk.