mother's maiden name

 
author & internet detective
Posts: 38906
684
Eclipse IDE Java VI Editor
The NYTimes wrote an article about security questions not being secure. Like mother's maiden name.

If you were picking your own security question, what would you pick? And not random gibberish. Something that a user could actually type in and know.
 
Bartender
Posts: 1970
57
Eclipse IDE Google Web Toolkit Java
  • Likes 2
Rather than adding a question, my suggestion would be to add totally nonsensical answers to such questions.

I heard that long phrases like
will take 285 nonillion years to crack

source: http://crambler.com/password-security-why-secure-passwords-need-length-over-complexity/
 
Saloon Keeper
Posts: 5035
134
How would you remember on which web site you used which nonsense answer to which question?
 
salvin francis
Bartender
Posts: 1970
57
Eclipse IDE Google Web Toolkit Java

Tim Moores wrote:How would you remember on which web site you used which nonsense answer to which question?


It's simple, slight variations ....

Eg.
No coderanch!! I won't give you my mommi's name?!!

 
Bartender
Posts: 1856
81
Android Chrome IntelliJ IDE Java MySQL Database

Tim Moores wrote:How would you remember on which web site you used which nonsense answer to which question?


One could use something like Last Pass for this sort of thing.
I currently do use Last Pass, so I only need to know about two or three passwords.
 
salvin francis
Bartender
Posts: 1970
57
Eclipse IDE Google Web Toolkit Java
  • Likes 1
The above answer should take 32439058308781800000000000000 centuries to crack as per passfault.com

However, the issue is that if a site stores such answers in clear text format, and a hacker gets access to one of them...  
But, the most certain thing is that when it comes to passwords/pass phrases, nonsense makes more sense than randomness. It could be a silly rhyme or complete rubbish sentence, but, it will be more secure than a shorter mixed character password.
 
salvin francis
Bartender
Posts: 1970
57
Eclipse IDE Google Web Toolkit Java
  • Likes 1
https://xkcd.com/936/
 
Marshal
Posts: 61702
193

salvin francis wrote:. . . long phrases like
will take 285 nonillion years to crack . . .

Yes, but you have to supply a blood sample every time you log on.

Who knows what sort of tissue samples they will need in ten years' time?
 
Sheriff
Posts: 23866
50
Eclipse IDE Firefox Browser MySQL Database
When I was given the choice of a security question I chose "Why is there something and not nothing?"
 
Marshal
Posts: 67163
169
IntelliJ IDE Java jQuery Mac Mac OS X
I'd ask myself questions that only I would know the answer to. Such as "Where were you for your first kiss?", or "Where were you at when you saw (redacted friend's name) for the last time?"

I also have "rules" for how to form the answer so things like punctuation and capitalization don't trip me up.
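
An added example, not part of the thread or any poster's code: one way a site could avoid the clear-text storage problem raised above while applying fixed capitalization and punctuation rules of the kind just described. The function names, normalization rules and PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import re
import unicodedata

# Assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware.
PBKDF2_ITERATIONS = 600_000


def normalize_answer(answer):
    """Apply fixed rules so case, punctuation and spacing never matter."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    text = re.sub(r"[^\w\s]", "", text)   # drop punctuation
    return " ".join(text.split())          # collapse runs of whitespace


def hash_answer(answer, salt=None):
    """Return (salt, digest); only these two values are ever stored."""
    if salt is None:
        salt = os.urandom(16)              # fresh random salt per answer
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        normalize_answer(answer).encode("utf-8"),
        salt,
        PBKDF2_ITERATIONS,
    )
    return salt, digest


def verify_answer(candidate, salt, stored_digest):
    """Re-derive the digest and compare in constant time."""
    _, digest = hash_answer(candidate, salt)
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    # Constructed sample: the nonsense answer quoted earlier in the thread.
    salt, stored = hash_answer("No coderanch!! I won't give you my mommi's name?!!")
    # Same answer typed later without punctuation or capitals still matches.
    print(verify_answer("no coderanch i wont give you my mommis name", salt, stored))
    # A different answer does not.
    print(verify_answer("Smith", salt, stored))
```

Normalizing narrows the answer space slightly, which is one more reason to keep the stored value behind a slow, salted hash rather than in clear text.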

 
Master Rancher
Posts: 81
23
Opera
  • Likes 2
I try to always pick security questions that are things both my husband and I know, in case one of us is sick and the other needs to access the account. Plus, on joint accounts, it's hard to remember whose first pet we're talking about. I also pick ones that aren't on record anywhere--so no "What street did you first live on?" or "what's your mother's maiden name?" or "What school did you first go to?" etc.

So, I'd pick questions like, "Who was the flower girl at your wedding?" or "Where was your first date?" or "What's your brother's favorite color?" (my husband doesn't have a brother, just a sister, and I only have a brother, so we know who we're talking about).  
 
Tim Moores
Saloon Keeper
Posts: 5035
134

Pete Letkeman wrote:
One could use something like Last Pass for this sort of thing.


Sure, an app like that would help (and I use one myself), but with a tool like that, the whole problem goes away, as one could use it to store any number of passwords and question/answer pairs, no?
 
Tim Moores
Saloon Keeper
Posts: 5035
134

salvin francis wrote:
It's simple, slight variations


But variations make it harder, not easier, to remember a range of questions and answers. Or do you take the use of a password manager as a given?
 
Sheriff
Posts: 5446
147
Chrome Eclipse IDE Java Postgres Database VI Editor

salvin francis wrote:https://xkcd.com/936/


I used this formula to create my WiFi password.
 
Ranch Hand
Posts: 974
11
For me it is always the name of one certain secret lover I had. Nobody apart from me would know her name. Unless I'd run for a political public role, maybe.
 
Jan de Boer
Ranch Hand
Posts: 974
11
  • Likes 1

salvin francis wrote:Rather than adding a question, my suggestion would be to add totally nonsensical answers to such questions.



But if they are nonsensical I cannot remember the answer myself. Same goes for very long answers. One typo, and you're busted.
 
Marshal
Posts: 6255
420
BSD
  • Likes 1

Jan de Boer wrote:For me it is always the name of one certain secret lover I had.


Since passwords need to be changed, you must have a big database.
 
Bartender
Posts: 9548
12
Linux Mac OS X Windows

Liutauras Vilda wrote:

Jan de Boer wrote:For me it is always the name of one certain secret lover I had.


Since passwords need to be changed, you must have a big database.



If you need to change your password, you just have another secret affair!
Seriously, I use a password manager (Password Safe) and I don't use "real" data for those questions.  Way too easy for someone to figure out those answers in the age of social media.
 
Pete Letkeman
Bartender
Posts: 1856
81
Android Chrome IntelliJ IDE Java MySQL Database
Sorry, missed this for a day or two.

Tim Moores wrote:Sure, an app like that would help (and I use one myself), but with a tool like that, the whole problem goes away, as one could use it to store any number of passwords and question/answer pairs, no?


Yes, using something like Last Pass pretty much solves the problem.

Speaking for Last Pass only, I can say that you can store not only user name and password pairs, but also question and answer pairs.
And I use Last Pass to also store my credit card information which I use for online purchases.
This way I don't need to find my credit card when I want to make a purchase.
Plus Last Pass can be used to store common form values like address information.
Useful when you have to provide that information for a purchase or when you are developing a form and you need to test it out.
Aside from all of that, it works with Android, iOS, Internet Explorer, Firefox and Chrome.

It's been my experience that many times when you need to answer secondary questions and answers it is because you have forgotten your password and would need to reset it.
 
Paul Clapham
Sheriff
Posts: 23866
50
Eclipse IDE Firefox Browser MySQL Database

Jan de Boer wrote:

salvin francis wrote:Rather than adding a question, my suggestion would be to add totally nonsensical answers to such questions.



But if they are nonsensical I cannot remember the answer myself. Same goes for very long answers. One typo, and you're busted.



Yes, I tried the nonsensical answers and had exactly the same experience -- I couldn't remember them.
 
Jan de Boer
Ranch Hand
Posts: 974
11

Liutauras Vilda wrote:

Jan de Boer wrote:For me it is always the name of one certain secret lover I had.


Since passwords need to be changed, you must have a big database.



No, no, I am not that kind of guy, honestly. One secret lover, and then, Lover201712, Lover201801, et cetera. The same name with a datelike string behind it.