dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
19
share rss forum feed

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable
reply to antdude

Re: Secret Security Questions Are a Joke

my thinking is that the problem with "security questions" is that they are less secure than passwords since, a lot of times, the security questions ask you for personal information that can be dug up, like "what street did you live on when you were a child?" "what is your mother's maiden name?".. so, i use bogus information for those types of security questions..

one time, when i had a problem with my yahoo account, instead of giving me security questions to answer, they told me to tell them what the security questions were, as well as the answers.. i couldn't tell them what the security questions were but said that if they would tell me what the security questions were then i would provide the answers, but they refused to tell me what the security questions were.. uhg!



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

said by redwolfe_98:

one time, when i had a problem with my yahoo account, instead of giving me security questions to answer, they told me to tell them what the security questions were, as well as the answers..

The 'what are your questions' challenge was an easy way to harden a weak verification routine with data that was already there.
I had the same problem with not knowing the questions because it wasn't necessary to remember them when they were set.
I don't know of any service provider that adopted this extra challenge that actually informed it's users of the change.


EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric

What's even more fun is when the site security admins expect you to remember not only the answer to the security question you provided, but the question itself.

I had a particular law enforcement site that required me to call in to to replace an expired password. the admin asked me "What is your security question and answer?"

That one took a little time but I finally guessed the right question, and provided the right answer.