Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Those pesky Security Questions...
Old 08-05-2016, 05:54 PM   #1
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 17,385
Those pesky Security Questions...

In another thread, I mentioned that I prefer not to use any automated password apps. That might be an irrational fear on my part, but it is what I do, and I know I'm not alone.

So I had mentioned a trick I use (I came up with it independently, but I'm sure it was used by others before me), and it has worked well for me. In short, I have a standard "prefix key" and a standard "suffix key" that are somewhat complex, yet easy for me to remember. So for every site that I want to use a fairly secure password, I use the prefix-suffix and a unique middle word for that site.

So if Prefix is "APPLE123" and suffix is "zebra789" (but use non-dictionary words for better security), I might use "$LB" for the middle word (for "Local Bank" - and since the use of 'special characters varies by site, I add any special characters in the middle word). So for my local bank, my PW would be "APPLE123$LBzebra789". The nice thing is, I can write this down on paper, or on afile in my computer, and all I need is a note to myself for what site it is, and then something like " -- $LB -- ", and I know to add the prefix/suffix. If a bad guy gets that file or paper, they won't know what to do with it. I keep the prefix and suffix written down somewhere else, just in case I have a lapse in memory.

Fine, but those pesky security questions. I was born in a populated city (easy guess). When I was helping my DM with some stuff on the internet, I had to guess her security questions, and the general ones were easy (baseball? chocolate? piano? - you can play Jeopardy and guess the questions!). Many of those specific questions might be discover-able by a motivated bad guy (Mother's maiden name, child's middle name, etc...).

So I borrowed my 'key' idea, and the last time I had to set up security questions, I created a security question prefix. Let's say it was NOYB- (None Of Your Business). So here is how my security challenges are now answered:

What was the name of your best friend in high school?
NOYB-name
What street did you live on in grade school?
NOYB-street
What city did you meet your spouse?
NOYB-city
and so on...

I think I can mange to avoid a too similar question set (like the city you were born and the city you were married) if the site does not allow the same answer for two different questions (but those could be the same anyhow?). So this should work. Heck, if it was a human and you slipped and said "NOBY-married" instead of "NOYB-city", I'd hope they'd figure out that nobody else would have said "NOYB-anything", so that would be good. A computer would see them as different though.

So I will do continue to do this in the future, maybe even go back and change the ones that I can. Anyone see an issue? Suggestions?

-ERD50
__________________

__________________
ERD50 is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 08-05-2016, 06:36 PM   #2
Thinks s/he gets paid by the post
RunningBum's Avatar
 
Join Date: Jun 2007
Posts: 4,213
My concern, and I'm not certain it's valid, is that it sounds like you could have the same security answers for multiple sites. Having the same password for different sites is said to be a bad idea, I assume because if someone is able to decode one password they could try it on other sites. Likewise if a bad guy gets your security answers, they might be able to get into other accounts using the same answers.


The fix to that would seem to be a different prefix for each site, so $LB-name, perhaps. Your problem might be in remembering that $LB prefix, which is why you're on the security questions. I tend to use something in the site name as part of my prefix.


Just a thought.
__________________

__________________
RunningBum is online now   Reply With Quote
Old 08-05-2016, 07:30 PM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 17,385
Yes, I've thought about that concern, and also wondered if it was valid. But what bad guy is going to put 2 + 2 together for an individual? They'd have to crack that first one anyhow, and who the heck is going to guess that the answer to "What street did you live on in grade school?" is "MRGFLF9-street" (after they tried Main Street, Washington Ave, MAple Street, Elm Street, etc - by then hopefully they are locked out)? They would need that to guess that you duplicated it elsewhere. I feel pretty good about that.

Interesting idea to use the 'middle key'. I guess I'm just not sure it's needed? I think one for all will work?

I think one important thing is to keep your email password very secure. If they break into that, they could get all the password resets of other sites sent to them. And they might see what other sites you deal with by the emails! That seems like a real can of worms.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 08-05-2016, 08:13 PM   #4
Thinks s/he gets paid by the post
 
Join Date: Jan 2006
Posts: 2,694
Quote:
Originally Posted by ERD50 View Post
.......................................
I think one important thing is to keep your email password very secure. If they break into that, they could get all the password resets of other sites sent to them. .................................

-ERD50
Good tip..........hadn't thought about that ........thanks.
__________________
kaneohe is offline   Reply With Quote
Old 08-05-2016, 09:59 PM   #5
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Mulligan's Avatar
 
Join Date: May 2009
Posts: 6,956
The passwords to all my important sites are so random and long, I have never been able to memorize them and I use them often. So of course I keep a file card index book handy to look at them. I have couple of bogus letters on each side of the password in case someone ever steals that.
My ipad has a 4 digit security code and it has stayed the same for years and my fingers just punch it without ever thinking. One day last week the fingers froze and all the sudden I couldnt remember the code (and I bet I opened Ipad up a dozen times in that day alone). I had to dig into my password book to find that... If I ever get diagnosed with Alzheimers I will know what day the first incident happened.


Sent from my iPad using Tapatalk
__________________
Mulligan is online now   Reply With Quote
Old 08-05-2016, 10:03 PM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,267
I treat those pesky challenge questions like another password which are randomly generated and stored in a password keeper. Works for me.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 08-06-2016, 07:05 AM   #7
Thinks s/he gets paid by the post
 
Join Date: Jun 2003
Location: Historic Florida
Posts: 1,315
I was brought up in Europe, we do not have Proms....... A lot of the questions are US Related. and what if you are an unmarried Orphan? You should be able to invent them yourself.
__________________
"Arguing with an Engineer is like rolling in the mud with a pig. Just remember that the pig likes it."
ShokWaveRider is online now   Reply With Quote
Old 08-06-2016, 07:24 AM   #8
Full time employment: Posting here.
 
Join Date: Jun 2016
Posts: 931
Quote:
Originally Posted by ShokWaveRider View Post
I was brought up in Europe, we do not have Proms....... A lot of the questions are US Related. and what if you are an unmarried Orphan? You should be able to invent them yourself.
The answer is the important part. The question can be anything. So if the question is prom related, the answer can be "none".
__________________
COcheesehead is offline   Reply With Quote
Old 08-06-2016, 08:29 AM   #9
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
travelover's Avatar
 
Join Date: Mar 2007
Posts: 9,361
Quote:
Originally Posted by COcheesehead View Post
The answer is the important part. The question can be anything. So if the question is prom related, the answer can be "none".
What? You mean to tell me they don't check to make sure the answers are honest?
__________________
Yes, I have achieved work / life balance.
travelover is offline   Reply With Quote
Old 08-06-2016, 08:38 AM   #10
Thinks s/he gets paid by the post
Car-Guy's Avatar
 
Join Date: Aug 2013
Location: Citizen of Texas
Posts: 2,133
All mine are long complex and random. I keep a password protected spreadsheet on an encrypted USB. The USB only gets plugged into a PC when I need a PW and I keep 2 extra backups of that file on other off line storage devices and sync them up about once a month. Security questions and any other related info can easily be kept within the same spreadsheet. A minor PIA but simple to use, backup, keep off line and carry with me if I'm traveling.

If the USB were to be lost or stolen, it's encrypted with very good encryption software so I'm not worried about that. If a USB were to fail, I have two other off line backups.

So all I really need to remember is the PW to open the encrypted file. It's long and complex too but it is something I'm sure I can remember.

Remaining concerns with PW management are addressed with good virus and malware protection. Nothing is prefect but it's good enough for me.
__________________
Car-Guy is offline   Reply With Quote
Old 08-06-2016, 09:42 AM   #11
Thinks s/he gets paid by the post
 
Join Date: Jan 2008
Posts: 1,495
I don't know what I would do with Keepass password manager. I haven't been asked a security question in at least a year. As I've digitized, automated, and simplified everything while simultaneously hardening myself substantially as a hack target, I've freed up enormous amounts of time to work on higher value things.

I'm not at all being facetious when I say I don't know how I put with all the time-wasting added steps, extra work, and frustrating inefficiencies that existed in my life before. One of the greatest joys of retirement has been being able to get rid of all the useless stuff in life I tolerated before.
__________________

__________________
Options is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Basic Social Security questions fmhealth FIRE and Money 5 10-07-2007 09:08 AM
figuring out that pesky SS number spncity FIRECalc support 3 03-04-2007 04:06 PM
Should I pay off these pesky credit cards??? thefed FIRE and Money 45 02-05-2007 07:21 PM
Shiller Questions Bush Plan on Soc. Security intercst FIRE and Money 4 03-25-2005 05:08 AM
Security cameras catch those who dent your car!! Janie Other topics 12 02-17-2005 04:46 PM

 

 
All times are GMT -6. The time now is 04:51 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.