Cybersecurity is something that we all need to be concerned about. Regardless of whether we use our computers for casual use, business, fun, or all of the above, there undoubtedly are times when we need to enter usernames and passwords.
If you are like me, you literally have a list of hundreds of passwords for various sites. The best practice is that you have a different password for each site. But that can be very hard to do. After a while, you just have a hard time even thinking up new passwords, let alone remembering them. And beyond that, truly secure sites often require you to change your password every 60, 90 or 120 days. Use upper and lower case. Add a number or two. Then add in a few random symbols. Sheesh! When will it end?
Yes, creating and using complex passwords is good practice, and you should do it.
But there is a flaw in the entire system that isn't talked about. It's the use of password reset security questions. You know...those dumb questions that they ask to make sure it's really you that wants to reset your password.
It's a highly secretive system that only asks questions that you would know the answer to. Like...What's your mother's maiden name? What street did you grow up on? What school did you go to? Yeah, like those are really "secure" questions that will ensure you are really you. I don't think so....
Those questions are about as secure as asking Google the question. In short, these questions can be a serious source of intrusion into your life. If someone maliciously hacks a site and redirects your e-mails to their own account, then it's possible to look up many of your answers to those questions and provide the answers to gain access to your account.
Worse yet, many of these sites force you to answer these questions and only give you a handful of question options. Sheesh. It's maddening.
What can you do?
There IS a solution to password security questions.
The solution to this vexing problem is actually pretty simple and effective. Develop a standard set of answers to those questions that is simply nonsense. Something that doesn't make sense in relation to the question. It's an answer that really isn't a logical answer. Use that for your answers. It's easy to find out the name of the street you lived on when you were 6 years old. But it's nearly impossible to guess if the answer you use has nothing to do with your street name, or when you were six years old. Those nonsense answers are infinitely more secure. (The key is to actually have a set of uniform answers that you remember...more about that in a minute.)
So when a security question asks...
What street did you grow up on?
Instead of actually using the street you grew up on, like "Main Street" (duh!), make up something that you will remember and enter it instead. For example, for this question, answer "Aircraft Carrier" or "Poodle" or "Argentina". It's up to you what nonsense you want to enter.
Huh? That's not the right answer...
You bet it isn't. It doesn't make sense! EXACTLY! You don't want the answer to make sense, or give anyone the ability to look up the real answer. It will be a lot harder for someone to use those questions to hack in to get your password if the answer isn't obvious or something that they can find on Google.
That's the whole point!
So how can you remember these nonsense answers?
Now it's time to play some fun games to help you remember.
Perhaps the easiest way of creating a dummy answer is to pick one complex word or set of words and just use them for any security question that is asked.
What is the name of the president when you were born?
...pumpkin delight
What is the name of the street that you grew up on?
...pumpkin delight
What is your mother's maiden name?
...pumpkin delight
Get the idea? None of those answers make any sense and it would be very hard for a hacker to guess (or research) the correct answers.
What is an even more secure option?
You could do the same thing that we just described, but instead of using the same word(s) each time, create an alternate set of answers for the questions. Use them consistently for different questions. That will add complexity to the solution. But don't forget...don't use things that may seem logical. For example...
What is the name of the president when you were born?
...pumpkin delight
What is the name of the street that you grew up on?
...Trout Food
What is your mother's maiden name?
...Mustang GT 500
Just remember these different answers and use them consistently. But that is probably easier said than done. So you need a system. This is one time writing them down wouldn't be the worst thing, provided you don't make it obvious what the answers were for. Again ... it's nonsense.
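One possible "system" for keeping different nonsense answers consistent, shown as an added example that is not part of the original article: each answer is derived from a private secret plus the question text with HMAC-SHA256, so it can be regenerated instead of memorized. The word list, the secret and the function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample word list (32 words). This is deliberately small; a
# longer list gives each word more entropy and is the better choice in use.
WORDS = (
    "pumpkin delight trout mustang aircraft carrier poodle argentina "
    "lantern gravel walrus teapot comet velvet anchor biscuit "
    "cactus harbor pickle thunder marble saddle ribbon glacier "
    "falcon noodle copper meadow tunnel basket orbit cinnamon"
).split()


def normalize(question: str) -> str:
    """Lower-case and drop punctuation and extra spaces, so the same question
    worded slightly differently on two sites maps to the same answer."""
    return " ".join(re.sub(r"[^a-z0-9 ]", "", question.lower()).split())


def nonsense_answer(secret: str, question: str, n_words: int = 4) -> str:
    """Derive a repeatable nonsense answer from a private secret and the
    question text. The result has no relation to the real answer."""
    digest = hmac.new(secret.encode(), normalize(question).encode(),
                      hashlib.sha256).digest()
    # One digest byte per word; 256 is a multiple of 32, so no modulo bias.
    return " ".join(WORDS[b % len(WORDS)] for b in digest[:n_words])


if __name__ == "__main__":
    secret = "example-secret-not-for-real-use"  # hypothetical placeholder
    for q in ("What street did you grow up on?",
              "What is your mother's maiden name?"):
        print(q, "->", nonsense_answer(secret, q))
```

Only the secret has to be remembered or stored; anyone who researches the real street or maiden name learns nothing about the derived answer.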
If you have a hard time remembering nonsense, use the answers from someone else you know who isn't in your family. Perhaps a friend of yours. When the questions are asked, use their information to answer them. While it's different than your real answers (and that's good), they still will make more sense and will be slightly easier to guess than just outright nonsense.
Personally, I like just using one long answer that is absolute nonsense for all of the questions. The longer and more complex, the better. Consider something like "Lions and tigers and bears, oh my!". Or "The long and winding road". Or "We the people". Or to get really crafty use a bunch of symbols "$*##((!". Just be sure you remember what you are using for an answer.
It's my guess that none of these will be a common guess for the name of my grade school...
In summary...
The security questions for various sites can be a significant source of risk for getting hacked. By creating alternative answers for those pesky security questions, you can make it significantly harder for someone to use that route of intrusion to hack your access.
Make it easy to be secure by creating your nonsense answer and start using it today! Plug that security hole ... with nonsense.
WhiteCoat Risk Management provides these articles to help improve general risk awareness in all aspects of your life. It is not responsible for any actions you take or fail to take regarding any aspect of your financial planning or risk management. This article is provided for information purposes and is not intended to provide individualized advice. You alone are responsible for your decisions.
Visit or contact WhiteCoat Risk Management at www.WhiteCoatRiskManagement.com or join us on Facebook at https://www.facebook.com/WhiteCoatRisk/