Pro tip: your 'secret' security question answers are probably not secret

I was helping my cousin reset his email password last week, and the security question was 'What's your mother's maiden name?'. He just typed it in, no hesitation. I asked him if that was actually his mom's real name, and he said yeah, why wouldn't it be? Dude, that info is probably on a dozen genealogy sites and maybe even his own public social media. I see this all the time. People use real, easily findable facts for those recovery questions. If you're using your real high school mascot or pet's real name, you're basically handing over a backup key. I started using completely fake answers years ago, like 'mascot: purpleplatypus' and storing them in my password manager. It adds one extra step but makes those questions actually secure. How do you guys handle making up answers you'll actually remember later?

2 Comments
colemiller 24d ago
My aunt got her bank account locked because she forgot the fake name she used for her first pet... she put down "dragon" and then years later had no memory of it. I keep a note on my phone now with all my fake answers, like my fake elementary school is "Moon Base Alpha" and my fake first car is a "hoverboard". It's the only way I can keep track.
8
raymartin 24d ago
Yeah, that's a huge problem with those security questions... read an article once about how they're actually really weak for protection. A lot of those answers are easy to guess or find online, which is why people make stuff up. But then you end up locked out of your own stuff, just like your aunt. The whole system feels broken. Keeping that note is honestly the smartest move, even if it's a pain.
7