Answers to Security Questions

[meierlde]

Quote:

Originally Posted by veremchuka I use KeePass for userids, passwords and security questions. I never use the same userid (unless they require my email address which I hate), password or answer to a security question. What hospital were you born in? Blue2 4X treecorn What is you mother's maiden name? 66 excavator 18T What was your 1st pet's name? Altogether42 airplane 29$$ No problems with those security questions here.

Actually if folks read obituaries you find that if your mother has passed on it is likley that her maiden name is in the obituary, along with your name as a child and the town you live in. This does suggest that mothers maiden name for more mature folks is a very poor security question, until obituaries are written to avoid stating the childrens home towns. Better say the maternal grandmothers maiden name, as that takes a lot more tracing back, and assumes folks have not changed cities in the interim.

[MRG]

Quote:

Originally Posted by meierlde Actually if folks read obituaries you find that if your mother has passed on it is likley that her maiden name is in the obituary, along with your name as a child and the town you live in. This does suggest that mothers maiden name for more mature folks is a very poor security question, until obituaries are written to avoid stating the childrens home towns. Better say the maternal grandmothers maiden name, as that takes a lot more tracing back, and assumes folks have not changed cities in the interim.

Very true.
I just misspell my mother's maiden name. Misspelling comes naturally to me.

Sent from my SAMSUNG-SGH-I337 using Early Retirement Forum mobile app

[RonBoyd]

FWIW, here is a free password generator worth considering:

Master Password: Off-Line Password Generator & Vault

[psweath]

I'll never complain or be annoyed again about the security, challenge questions/passwords. It apparently is what prevented me from potential harm last week. My credit union called and said someone called in and had my account number AND my SSN! They were trying to do a wire transfer. They didn't have my call-in password and apparently didn't know my first pet's name (or the other questions either). This is what raised the red flag, and also started a flurry of activity on my part. Had to close my old and re-open a new account which was linked to several sub-accounts (checking, savings, visa, HELOC) which of course my wife was joint on. Notify the credit bureaus and put a fraud alert out there, file an affidavit with the IRS, and the most time-consuming was re-setting up all the auto payments and direct deposits. The $10/month id theft service I have was very helpful in both initiating things for me, and giving me all the information I needed to do stuff that had to be done only by me. I won't complain about that $10/month again either!

So, I'm now as diligent about the answers to those security questions as I am about my passwords themselves. There's still at least one bad guy out there with my SSN! Lots of good ideas in this thread too. Thanks everyone.

[sengsational]

I'm a paid LastPass user (so can use it on my phone). I also printed-out a one-time password list and carry that in my wallet (just looks like jibberish).

And like many, I make-up answers to the security questions using a "rule". The problem is that if a site is compromised and someone sees the answers to my security questions, that can be leveraged on a different site.

Only marginally related, but here's a cool password related link: https://www.grc.com/haystack.htm

Quote:

password: yRDrATI4c!ng Massive Cracking Array Scenario: (Assuming one hundred trillion guesses per second)1.74 centuries

[Chuckanut]

Quote:

Originally Posted by sengsational Only marginally related, but here's a cool password related link: https://www.grc.com/haystack.htm

Steve Gibson is one of the saner voices in this entire computer security mess.

[sengsational]

Quote:

Originally Posted by Chuckanut Steve Gibson is one of the saner voices in this entire computer security mess.

I got to listening to a bunch of netcasts back when I had a lot of commute hours to fill. Now, not having to fill-up drive-time, I gave-up almost all of them. But I still listen to Security Now (and sometimes Freakonomics Radio).

[Chuckanut]

You've got to wonder why some lawyer hasn't jumped on this

Quote:

KrebsOnSecurity also heard from an employee at a much larger bank on the West Coast that lost more than $300,000 in two hours today to PIN fraud on multiple debit cards that had all been used recently at Home Depot. The manager said the bad guys called the customer service folks at the bank and provided the last four of each cardholder’s Social Security number, date of birth, and the expiration date on the card. And, as with the bank in New England, that was enough information for the bank to reset the customer’s PIN.

Amazing. And very sad.

http://krebsonsecurity.com/2014/09/i...it-card-fraud/

[Chuckanut]

Quote:

Originally Posted by sengsational I got to listening to a bunch of netcasts back when I had a lot of commute hours to fill. Now, not having to fill-up drive-time, I gave-up almost all of them. But I still listen to Security Now (and sometimes Freakonomics Radio).

Leo and his various hosts and guests are among the best.

[TromboneAl]

Quote:

Originally Posted by sengsational I also printed-out a one-time password list and carry that in my wallet (just looks like jibberish).

I'm not understanding that. Can you explain?

[RonBoyd]

Hmmmm... maybe an e-mail with a newly-generated passcode each time one logs in will appease the truly paranoid:

https://www.dropboxatwork.com/2014/0...-verification/

[calmloki]

Quote:

Originally Posted by psweath I'll never complain or be annoyed again about the security, challenge questions/passwords. It apparently is what prevented me from potential harm last week. My credit union called and said someone called in and had my account number AND my SSN! They were trying to do a wire transfer. They didn't have my call-in password and apparently didn't know my first pet's name (or the other questions either). This is what raised the red flag, and also started a flurry of activity on my part. Had to close my old and re-open a new account which was linked to several sub-accounts (checking, savings, visa, HELOC) which of course my wife was joint on. Notify the credit bureaus and put a fraud alert out there, file an affidavit with the IRS, and the most time-consuming was re-setting up all the auto payments and direct deposits. The $10/month id theft service I have was very helpful in both initiating things for me, and giving me all the information I needed to do stuff that had to be done only by me. I won't complain about that $10/month again either! So, I'm now as diligent about the answers to those security questions as I am about my passwords themselves. There's still at least one bad guy out there with my SSN! Lots of good ideas in this thread too. Thanks everyone.

Hmm. My gal would suggest her causation theory and wonder if you had NOT had a $10/month id theft service if you wouldn't have avoided the id theft. Same theory suggests that virii are fostered by anti-virus programs. Maybe your id theft service neatly filtered for people whose id was worth stealing. See also: McAfee Anti-virus and John McAfee, pillar of virtue.