iamjames

like the title says, I'm James

  Home  |   Contact  |   Syndication    |   Login
  28 Posts | 0 Stories | 149 Comments | 0 Trackbacks

News

Archives

Security questions are a part of the internet, right up there with logins and passwords.  No one thought much about them until Sara Palin's Yahoo account was hacked because her security question was something stupidly easy to find online:  "Where did you meet your spouse?" (UPDATE:  which is apparently still being used as a security question)

So now security questions have been given the attention they deserve, but I still see supposedly knowledgeable websites (I'm looking at you goodsecurityquestions.com) suggesting really poor security questions.

Because I hate the idea of people googling "good security questions" and being offered poor questions like "What is your oldest sibling’s birthday month? (e.g., January)" (Bet I can guess it in twelve guesses or less!) or "Where does your nearest sibling live? " (Gee, hope you two aren't friends on each other's facebook or myspace, because it would only take a minute to find the answer), I've decided to post actual good security questions and why they're good questions.

A good security question will have the following characteristics:
1.  Easy to remember, even 5 or 10 yrs from now
2.  At least thousands of possible answers
3.  Not a question you would answer on facebook, myspace, in a "Fun Questions to Ask" survey, or in a article or interview
4.  Simple one or two word answer
5.  Never changes

Things to avoid:
1.  Favorite foods, colors, etc:  these change over time
2.  Vehicle make and model:  there's only so many types of cars, trucks, etc.  Most people could rattle off the popular makes and models of a era rather easily
3.  Birthdays:  birthdays are poor because they're easy to find online, even siblings or parents, since most social networking sites will send out alerts to everyone when birthdays are approaching
4.  What is family member's name or birthday:  again, if they're family there's a good chance they're your friend on a social networking site, so this info would be easy to find
5.  School name, location, etc:  it is usually easy for someone to find out the area a person lives or grew up, and there's usually only so many schools in an area
6.  First job location, name, etc:  again, usually easy to find out where someone grew up, there's a limited number of popular first jobs, and this is a question you might answer in a "Fun Questions to Ask Friends" survey
7.  What is color of....:  poor question because there's only so many colors of vehicles, hair, etc, unless you got very specific like "desert sand mica", even still friends and family would know the color and there might even be photos of your vehicle on your facebook, myspace, etc

So here's a list of questions I've come up with and why they are good questions:
What was the last name of your third grade teacher? It's unlikely that you answered this anywhere, teachers change over time and most schools will have multiple teachers for each grade
What was the name of the boy/girl you had your second kiss with? first kiss seemed too obvious, unlikely you went into great detail online about your second kiss
Where were you when you had your first alcoholic drink (or cigarette)? Again, unless you're a teenager and you posted online how excited you were for your first beer, it's unlikely you answered this anywhere.  Use a specific location and avoid answers like home, school or work.
What was the name of your second dog/cat/goldfish/etc? First pet's name is too obvious, but only use if your second pet isn't your current pet. 
Where were you when you had your first kiss? Great question, even if you talked about having your first kiss online it's unlikely you went into great detail about where you were.  Just make sure the answer is short and not obvious like "homecoming dance" or the name of your high school
 When you were young, what did you want to be when you grew up? only use if the answer is not cop, doctor, firefighter or other very obvious answers
 Where were you when you first heard about 9/11? A little morbid, but most of us are probably not likely to forget the answer.  Use a specific location, avoid answers like home, school, or work.
 Where were you New Year's 2000? Since myspace and facebook didn't exist in 2000 it's unlikely this is posted anywhere (unless you're a famous celebrity), but only pick this if the answer is not "at my parents house" and you were alive in 2000.
What's John's (or other friend/family member) middle name? Since most people will not know who "John" is this would make a great question.  You can also use their info for hard to guess security questions like "What was the name of John's first dog?"
 Who was your childhood hero?  Since a childhood hero could be anyone this could be a good question as long as answer is not superman, my dad/mom or my brother/sister
 What is the first name of the person who has the middle name of Herbert? Tough question to answer.  It is very unlikely you posted this anywhere, and since most people do not have their full names online this would make a great security question. 



Here's some questions that seem like they're good but they're really not.  I found all of these security questions online labeled as "good" security questions

What was your childhood nickname? Very likely your friends and family know this, and you might have answered this in a "Fun Questions to Ask" survey
What is your oldest sibling's birthday month and year (e.g., January 1900)? Even if someone just guessed there's only about 240 possible answers (20 yrs * 12 months a year), and if your oldest sibling is your friend on facebook or myspace this answer is very easy to find
What is your oldest cousin's first and last name? If you're using this as a security question you're probably friends with your oldest cousin on facebook or myspace
What is the first name of the boy or girl that you first kissed? You might have answered this in a "Fun Questions to Ask" survey, and your spouse and ex's probably know the answer to this.
What is your youngest brother's birthday? Again, if you're using this as a security question you're probably friends with your oldest cousin on facebook or myspace
What was the name of your elementary / primary school? it is usually easy for someone to find out the area a person lives or grew up, and there's usually only so many schools in an area
What is the name of your grandmother's dog? This is a poor question for many reasons.  First, you might have talked about this online ("went to grandma's and played with her dog Rex").  Second, which grandmother?  Third, what if dog dies and she gets another one?  Fourth, all of your family would know the answer. 
What are the last 5 digits of your driver's license number? I don't even know the answer to that, and if you someday move to another state it's very likely to change
On which wrist do you wear your watch?
This is so outrageously poor that it is laughable and I can't believe someone actually thought this was a good security question.  How many possible answers are there?  The scary thing is the person posting this then linked to goodsecurityquestions.com, which makes me wonder if they either got the question from there at some point or own the website.
   



Well there you have it, if anyone uses any of these suggestions please let me know.

posted on Wednesday, September 23, 2009 10:28 AM

Feedback

# re: How to pick a REALLY good security question 9/24/2009 11:25 AM NerdOfAllTrades
For the driver's license one, it gets worse...

In Ontario, Canada, the last 6 digits of your drivers license are Y-YMMDD of your birthday. If a person sees "Ontario" as your location and you put that in as a security question, you're screwed.

# re: How to pick a REALLY good security question 9/24/2009 12:30 PM Bruce
Good list. The US Army just made a set of questions you had to pick and answer in order to login and get your email. Almost every one of them was what is your favorite ... They provided stock answers. For example What is your dream car? Stock answers included Ferrari, Lamborghini and Aston Martin. Who would pick pickup truck or beater as an answer?

Maybe you could teach them a thing or two.

# re: How to pick a REALLY good security question 9/24/2009 1:49 PM Tracy Hall
Miserable list - and you must be the schmoo making my life miserable - for whatever reasonable, I can barely remember ANYTHING before college, I don't give a rat's ass about sports or movies, and can't reliably answer ANY of your questions - the whole POINT is that asking more and more obscure questions to make things "secure" just makes the answers more and more obscure and hard to come up with. Utterly the wrong approach to security.

# re: How to pick a REALLY good security question 9/24/2009 2:24 PM NOBODY
MAKE UP YOUR OWN LOOKUP TABLE AND USE KEYPASS:
Q1:LOOKUP1....A1:1GH$^%J6HE&DJEH23
Q2:LOOKUP2....A2:3JEISJ&#&KDJHFEJFD9
ETC.

# re: How to pick a REALLY good security question 9/24/2009 3:16 PM Matthew
Q: What was your first pets name?
A: nowegmp

# re: How to pick a REALLY good security question 9/30/2009 3:23 AM Daniel Graversen
So what is wrong with password remembers like passwordsafe or other tools.
I normally type in garbage in to these fields.

# re: How to pick a REALLY good security question 5/24/2010 9:50 AM TsuKata
The problem with typing in garbage, for me, is that some of these places will ask you the same question on the phone for verification that they ask online. I may be able to look it up on my computer, but sometimes I'm going to be calling for service (or a lost/stolen card) and need to know the answer to the question without access to a computer.

The place I'm thinking of uses "what is your best friend's last name"...which is just ridiculously bad when you consider Facebook.

# re: How to pick a REALLY good security question 5/26/2010 6:05 PM Ryan Mitchell
Many states have algorithms that generate a driver's license number based on a name and birthday (Washington state, for example: http://www.highprogrammer.com/alan/numbers/dl_us_wa.html) Yet another reason any security question based on a driver's license number is a bad one!

# re: How to pick a REALLY good security question 10/28/2010 6:47 AM military school
Fantastic post and this was the great article i hope that this website continue to post such thing that will provide the solution to needy person.

# re: How to pick a REALLY good security question 11/10/2010 10:52 PM Internet Advertising Agencies
Its really nice security question list.But what ii I gave some answer & forgot that?Please suggest some idea for this.

# re: How to pick a REALLY good security question 11/18/2010 11:27 PM emi shield
Thanks for sharing such a great article.

# re: How to pick a REALLY good security question 11/22/2010 5:26 AM adult sex store
Really an wonderful article to read keep posting.

# re: How to pick a REALLY good security question 11/23/2010 6:33 AM mumbai seo
I would bookmarked this website to read further information.

# Mrs 11/29/2010 3:08 AM alopecia medicine
Very well written article on the security question its detailed characteristic things to avoid.

# re: How to pick a REALLY good security question 11/30/2010 11:50 PM green cookware
I liked the part on how to avoid things concerning Security questions.

# re: How to pick a REALLY good security question 12/8/2010 12:06 AM Discount Cigarettes
And unless correctly to base safety on the data which it is possible to learn without contact to the owner? I think that was not present

# re: How to pick a REALLY good security question 12/9/2010 8:13 AM happy_hedgehog
On which wrist do you wear your watch? It seams to me as nice question if answer is something totally unrelated. BTW, I have numbers in PIN code format written on my credit cards in poor writing. At least a thief can waste a few trials.

# Mrs 12/13/2010 11:44 PM fulfillment
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I'll be subscribing to your feed and I hope you post again soon.

# re: How to pick a REALLY good security question 12/16/2010 12:01 PM Soigner Hemorroides
Nice blog! Is your theme custom made or did you download it from somewhere? A theme like yours with a few simple adjustements would really make my blog stand out. Please let me know where you got your theme. Cheers

# re: How to pick a REALLY good security question 12/16/2010 12:36 PM Comment Tomber Enceinte
Excellent site you have here but I was wondering if you knew of any community forums that cover the same topics discussed in this article? I'd really love to be a part of group where I can get feedback from other experienced people that share the same interest. If you have any suggestions, please let me know. Thanks!

# re: How to pick a REALLY good security question 12/26/2010 9:04 AM plancher chauffant
Pretty good list, nice article! Thank you for this post.

# re: How to pick a REALLY good security question 12/27/2010 5:06 AM motorcyclelawyercalifornia
I appreciate your idea here. Definitely it has a good content. Thank you for imparting more of your own thoughts

# re: How to pick a REALLY good security question 1/26/2011 10:32 PM Hydrolyze
Sometimes you don't have a choice when choosing a security question. They just give you 4 pre-made questions and you can't change them.

# re: How to pick a REALLY good security question 2/4/2011 2:38 AM bogie
Since mostly you are stuck with the lame questions, just lie. You can use something like nikon@99 for best friend or pet's name. Just make sure it's something that is easy for you to remember.

# re: How to pick a REALLY good security question 5/26/2011 11:48 PM MurphysDaze
Some VERY good tips and options here. @Tracy Hall - I'm the same: I can't seem to remember anything before college. However, the following security question is my one exception:

"What's my favorite third grade song?" works for me. Through trial and error, I realized I needed a question with an answer that is tied to something very memorable in my past, unchangeable, AND unknown to/unasked by others.

# re: How to pick a REALLY good security question 6/6/2011 11:45 AM Dude
The one with the third grade teacher is really poor - at least all your classmates from third grade and probably a lot of your friend will know...

# re: How to pick a REALLY good security question 7/29/2011 12:19 PM mehree
The coolest thing about the work behind this release went into rethinking the building of debs. The "deb source file" one uses to produce DEB packages is very hardwired to use the name of the software in both filenames (37 files) and file contents (78 times). So for instance what was done to produce MariaDB debs was essentially to take the deb-src package for MySQL and just rename all package names and dependencies from mysql to mariadb. So to produce mepsql you rename all those places again,DJ point


# re: How to pick a REALLY good security question 10/7/2011 6:06 PM JW
The best question/answer is one that doesn't make any sense. You pick a random word...say...aardvark...and then from now on, no matter what the question asked is, answer is always aardvark. What's your mother's maiden name? aardvark What street did you live on when you were a kid? aardvark What was your first pet's name? aardvark

It works.

# re: How to pick a REALLY good security question 11/23/2011 10:16 PM CO
Just a note, "Which wrist do you wear your watch?" DID come from goodsecurityquestions.com... from their list of questions not to use!

# # re: How to pick a REALLY good security question 11/23/2011 10:16 PM CO 5/23/2012 5:44 PM iamjames
goodsecurityquestions.com has read my article and has updated their questions, but when I wrote this in 2009 they use to recommend people use "Which wrist do you wear your watch?" as a "good" security question

# re: How to pick a REALLY good security question 7/26/2012 10:49 AM Sparky
I pick answers that have nothing to do with the question. The answer to "what is your favorite color" actually the answer to "what is the last name of your first girlfriend", or something like that. It's highly unlikely someone will guest my favorite color to be "Jackson". I do have to keep a list, but not of the answers, just of what the actual question is for each security question i've used.

# re: How to pick a REALLY good security question 7/28/2012 6:11 PM Einstein
Why do you allow your blog comments to be overrun with spam? geekswithblogs should set a better example....

# re: How to pick a REALLY good security question 7/28/2012 6:28 PM iamjames
i know... i clicked the wrong button and approved all comments, never went back and removed them. I removed some today

Post A Comment
Title:
Name:
Email:
Comment:
Verification: