Dumb security questions – what have you seen?

Topic

New Reply

I was setting up access to a financial account which requested security reset questions…. some of them are …. well…. Where were you on New Years
[See the full post at: Dumb security questions – what have you seen?]

Susan Bradley Patch Lady/Prudent patcher

3 users thanked author for this post.

Alex5723, BobbyB, F A Kramer

Reply | Quote

Replies

I haven’t seen any of those, yet.  First pet, first grade teacher, favorite childhood friend, place of birth and the like.

New Years Eve 2000 I was watching fireworks with my family at a city park.

My first babysitter(s) were three neighbor sisters, Joyce, Betty and Peggy.  I live in a very small town and grew up with the same neighbors in the same neighborhood.

I remember my third grade teacher.  Also first, second, fourth, fifth and sixth.  Same small town scenario.

My fourth grade teacher came to our house to ask my mother if she could take me shopping for shoes, since I didn’t wear any at school.  My mother immediately demanded to know what I was doing with my shoes, because she knew I wore shoes every morning when I left the house.  I admitted that I was hiding them in the low fork of an oak tree on the corner, retrieving them on my way home.  I didn’t like wearing shoes—still only wear shoes when I’m going to a store or for a visit.

My mother told the teacher to keep an eye on me, and she said that she would keep that in mind.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

2 users thanked author for this post.

wavy, Susan Bradley

Reply | Quote

My Father is 97 and lives with us.  He does most everything online since it is now difficult to do things in person.  Some of the questions, like your first grade teacher… Of course you can just answer Mickey Mouse as long as you write it down somewhere.

2 users thanked author for this post.

Charlie, MrJimPhelps

Reply | Quote

who cares what the question is. Answer is what counts. answer to who was your 4th grade teacher = point the antenna 10 degrees above horizon

Reply | Quote

“In what city did you meet your wife?”  A great one for unmarried females!

And for that matter, I meet my wife in several cities, depending on her and my employment at the moment.

 

2 users thanked author for this post.

MrJimPhelps, BobbyB

Reply | Quote

“What was the name of your first pet?”

“What was your first car?”

“Which airline did you use for your first flight?”

Another couple of good ones for those who’ve never had a pet, never owned a car or never traveled by air!

As 8bit_abacus pointed out, it’s not really the question so much as being able to remember the answer you used.

i.e. I never owned a pet so I used the name of a very small European city I lived in while serving in the USAF as the answer.

Reply | Quote

bbearren wrote:

New Years Eve 2000 I was watching fireworks with my family at a city park.

New years eve 2000 I was on an 45 days vacation around the world after working months on Y2K projects.
On Dec. 31 1999 I was in Dunedin, New Zealand, in small square with 5 other people watching a big clock waiting for 12 to strike.

Reply | Quote

I agree that the answers are the more important part, as long as you record them in somewhere safe and accessible, but the best one I have had was ‘Where did your parents first meet’, which was a somewhat impossible one for me to really answer as I am adopted and have no idea who my parents were never mind where they met!

There must be thousands of these ‘seriously daft’ questions out there, so I am looking forward to seeing some more.

Reply | Quote

I remember the names of all of my teachers from Kindergarten on up.

I remember the first babysitter whom I remember… but I have no way of knowing if there was/were one or more before that who may have been forgotten. I suppose for the purpose of the question, the first one I remember is as good as the first one proper.

Where I was on any given random day of my life, I probably do not remember. If you want to ask about a memorable moment, like the 9/11 attacks or the assassination of JFK, I can tell you that (the latter being “I didn’t exist yet”), but “New Years’ Eve” of any year is not anything special for me. It’s a day like any other, as are all of the other bank holidays.

You can, of course, pick any question and answer anything, but if you forget what nonsense answer you gave to a question years later, the question will not have served its purpose.

It’s better if you can write your own question. You know the things in your life that are memorable, and it quite often will not be one of the generic “one size fits all” canned questions they give you. Things like “what was your fourth grade teacher’s license plate number?” or “what was your first car’s VIN number?” or “what was your phone number when you were in Kindergarten?” I remember these, and many other random bits of trivia from ages ago, and they would be quite difficult for an attacker to figure out about me even if they had the basic info, but no site with canned questions is ever going to have those as options.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

There are definitely cultural biases at work here. What if you don’t know what your father’s name was? There are probably millions who couldn’t answer that. Favorite grandparent’s nickname – like everyone has had living grandparents? And of course, as pointed out, all the applicable questions you don’t remember the answers to. As has been pointed out, you can make up whatever you want, just make sure to write it down! But actually my favorite question I got was “What is your pet peeve?” My answer: “security questions”. (Don’t worry – not for anything current.)

Reply | Quote

What was the name of your third grade teacher?

I have no idea, but I did remember one teacher’s name from my elementary school (a teacher I never had, by the way!), so I would always put her name for that question. (I say “did remember”, because I can’t remember her name today, so I hope I’m never faced with that question on some account I’ve set up in the past!

Where did you meet your spouse?

I met her online! But I wouldn’t use that as my answer, because “online” would be an easy answer to guess, these days.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

For all security questions, I recommend answering with random numbers or random alpha-numeric characters.  Then record the questions and answers in your password manager notes field.   Any web site that relies on these security questions and expects its customers to give honest answers is insecure.  Security question answers are just additional passwords.

Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

1 user thanked author for this post.

wdburt1

Reply | Quote

I hate security questions. Your answers have to be as hard to crack as your password. Otherwise, who cares what the password is when a hacker can just dictionary attack the security question. Your “friends” might even be able to find the answers on your social media profiles.

What I do is give the right answer with a salt value. The salt value can be a number familiar only to you, like the address number of a childhood home or some word of significance. First pet? Fido3975. 3rd grade teacher’s name? JohnsonArizona. (I leave off Mr. or Mrs.)

The dumbest questions I’ve seen are ones where the answer can change. “What’s your favorite movie/song/etc?” “Where did you meet your spouse?” can change too (did I use my 4th or 6th wife’s name? -Larry King).

Finally, make sure to spell your answers correctly. If you misspell a name when you set the answer, good luck figuring out how it was misspelled when you have to enter the answer later.

Give me MFA instead!

Reply | Quote

Interstate90 wrote:

Give me MFA instead!

I prefer security questions over MFA. MFA has become to easy to bypass these days.

For security questions, i never answer with a real answer. For example,

Q:What school you went to?

A:spoon went to double o

These made it better and easier to use for me. I came up with a pattern for a word and use that. School has two “o” so for me first word that comes to mind is spoon.

 

Reply | Quote

I use the same response for all those inane security questions. It’s a total non-sequitur and  easy for me to remember. There’s no requirement that your response has to match the question.

Peace, CAS

2 users thanked author for this post.

wavy, Cybertooth

Reply | Quote

I started using bogus answers for these sort of questions. At least if someone did manage to find the right answer, it’ll still be wrong!

2 users thanked author for this post.

Cybertooth, wavy

Reply | Quote