Security Question Security

Old Yoda
Posts: 4303
Joined: Sun Nov 14, 2010 10:36 am
Title: agitator
Location: Terminus

Post by Old Yoda »

Last couple of days a local TV station is cautioning about an online scam harvesting answers to security questions using a Valentine's Day questionnaire.

Do you give real answers to security questions?

My answers are always nonsense.
Question: Your mother's maiden name?
Answer: Trump is a psychopath.

If an option, I make my own question and answer with nonsense.
Question: In what city were you baptized?
Answer: I like yogurt!
Unlimited Growth is the Ideology of a Cancer Cell
Donkey Butter
Posts: 1651
Joined: Sun Nov 14, 2010 8:15 am
Title: jerk face
Location: over yonder

Post by Donkey Butter »

how do you remember your answers?

I have a hard enough time remembering the real answer
DEyncourt
Posts: 17356
Joined: Sun Jan 20, 2008 2:38 am

Post by DEyncourt »

For sites that I trust (like credit cards), I keep a list of "sensible" replies on a computer which is NEVER online. I never repeat any of them.

I MIGHT start an entry to something like that Valentine's Day questionnaire, but I would drop it upon being asked a security question like mother's maiden name (which is almost certainly posted somewhere online considering how people use genealogy software/sites).
avkills
Posts: 3110
Joined: Sun Nov 14, 2010 9:46 am
Location: Everywhere

Post by avkills »

I like to use my luggage code of 1234 for everything. :p
"Killing them dead till they believe"
† The Church of Mark †
obvs
Posts: 27607
Joined: Sat Jan 12, 2008 8:44 pm
Title: Socialist isn't an epithet;it's a badge.

Post by obvs »

I do my best to choose questions that can't be looked up, and then I base my answers on the real answers but I change them in such a way so that if people enter the answer they won't match.
Ribtor
Posts: 9334
Joined: Sun Nov 28, 2010 3:45 pm

Post by Ribtor »

I write all my password and login info on a sheet of paper and keep it in the drawer by my computer in a folder called "passwords".
Pyke notte thy nostrellys
juice
Posts: 11984
Joined: Wed Jan 23, 2008 12:26 am
Title: Inadvertently correct

Post by juice »

Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer, in a folder called "passwords".

I should do this. It would be easier than having my password reset every time I need to access something.
avkills
Posts: 3110
Joined: Sun Nov 14, 2010 9:46 am
Location: Everywhere

Post by avkills »

juice wrote:
Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer, in a folder called "passwords".

I should do this. It would be easier than having my password reset every time I need to access something.


I have a password protected disk image on my computer where I store an excel sheet with all my passwords for websites and such. Good or bad, that is what I do.
"Killing them dead till they believe"
† The Church of Mark †
DukeofNuke
Posts: 33200
Joined: Mon Jan 21, 2008 1:33 pm
Title: FREE RADICAL
Location: Scintillating!

Post by DukeofNuke »

Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer in a folder called "passwords".

I guess that's better than having them on a post-it note stuck to the screen ...
intellectual/hipster/nihilist

"Everyone is entitled to their own opinions, but not their own facts."
-Senator Daniel Patrick Moynihan
Ribtor
Posts: 9334
Joined: Sun Nov 28, 2010 3:45 pm

Post by Ribtor »

DukeofNuke wrote:
Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer in a folder called "passwords".

I guess that's better than having them on a post-it note stuck to the screen ...


The drawer is an extra level of security. Best practices and all that.
Pyke notte thy nostrellys
macnuke
Posts: 6077
Joined: Tue Oct 19, 2010 10:32 am
Title: Afar
Location: Here

Post by macnuke »

mine are taped under the keyboard.. out of sight, out of mind.

There are no illegitimate children...only illegitimate parents.

Old Yoda
Posts: 4303
Joined: Sun Nov 14, 2010 10:36 am
Title: agitator
Location: Terminus

Post by Old Yoda »

In a mayonnaise jar on Funk & Wagnalls porch.
Unlimited Growth is the Ideology of a Cancer Cell
macnuke
Posts: 6077
Joined: Tue Oct 19, 2010 10:32 am
Title: Afar
Location: Here

Post by macnuke »

Old Yoda wrote: In a mayonnaise jar on Funk & Wagnalls porch.


now that's a name I haven't heard in a very long time.

There are no illegitimate children...only illegitimate parents.

DukeofNuke
Posts: 33200
Joined: Mon Jan 21, 2008 1:33 pm
Title: FREE RADICAL
Location: Scintillating!

Post by DukeofNuke »

Old Yoda wrote: In a mayonnaise jar on Funk & Wagnalls porch.

LOL, Carnac!

intellectual/hipster/nihilist

"Everyone is entitled to their own opinions, but not their own facts."
-Senator Daniel Patrick Moynihan
Pariah
Posts: 22665
Joined: Fri Mar 07, 2008 5:45 pm
Title: Know Your Enemy

Post by Pariah »

DukeofNuke wrote:
Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer in a folder called "passwords".

I guess that's better than having them on a post-it note stuck to the screen ...

I worked, briefly, at a large eye research facility/clinic that had a rule that all passwords had to be changed every 30 days with all kinds of rules: Had to have special chars, caps and lower case, alpha and numeric, etc.
Every single computer in the place from the records department to the research wing had a postie on the screen with the current password. :shrug:
Not even duct tape will fix stupid, but it can muffle the sound.
maurvir
Posts: 25210
Joined: Mon Nov 15, 2010 10:13 pm
Title: Steamed meat popsicle

Post by maurvir »

Pariah wrote:
DukeofNuke wrote:
Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer in a folder called "passwords".

I guess that's better than having them on a post-it note stuck to the screen ...

I worked, briefly, at a large eye research facility/clinic that had a rule that all passwords had to be changed every 30 days with all kinds of rules: Had to have special chars, caps and lower case, alpha and numeric, etc.
Every single computer in the place from the records department to the research wing had a postie on the screen with the current password. :shrug:


IT never, ever seems to realize that if you make passwords that big of a pain in the ass, you will practically guarantee that they will be written down under keyboards, behind monitors, etc. There is a curve beyond which security actually decreases, but this concept is foreign to most IT workers.

The alternative is to make it very easy to change your password. I had an account on a system with rules like that and it was easier to just request a new password than remember the old one.
obvs
Posts: 27607
Joined: Sat Jan 12, 2008 8:44 pm
Title: Socialist isn't an epithet;it's a badge.

Post by obvs »

The problem with making it too easy to change passwords is that it means support people get used to taking calls from people who want to change their passwords, and that means an outsider may call in and get an employee's password changed.

It's more useful to teach people to use unusual sentences, because it's easy for them to be both complex and easily remembered.
macnuke
Posts: 6077
Joined: Tue Oct 19, 2010 10:32 am
Title: Afar
Location: Here

Post by macnuke »

I need a longer field to enter my password of choice......

Ilovemyfuckingjobandmyjoblovesfuckingme

There are no illegitimate children...only illegitimate parents.

dv
Posts: 30653
Joined: Wed Jan 16, 2008 3:42 pm

Post by dv »

maurvir wrote:
Pariah wrote:
DukeofNuke wrote:
Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer in a folder called "passwords".

I guess that's better than having them on a post-it note stuck to the screen ...

I worked, briefly, at a large eye research facility/clinic that had a rule that all passwords had to be changed every 30 days with all kinds of rules: Had to have special chars, caps and lower case, alpha and numeric, etc.
Every single computer in the place from the records department to the research wing had a postie on the screen with the current password. :shrug:


IT never, ever seems to realize that if you make passwords that big of a pain in the ass, you will practically guarantee that they will be written down under keyboards, behind monitors, etc. There is a curve beyond which security actually decreases, but this concept is foreign to most IT workers.

The alternative is to make it very easy to change your password. I had an account on a system with rules like that and it was easier to just request a new password than remember the old one.


IT realizes it, but the security policies are written by consultants who don't have to live with the consequences of their recommendations, and put into place by management who don't have to either.
juice
Posts: 11984
Joined: Wed Jan 23, 2008 12:26 am
Title: Inadvertently correct

Post by juice »

macnuke wrote: I need a longer field to enter my password of choice......

Ilovemyfuckingjobandmyjoblovesfuckingme

There aren’t any numbers, special characters, or capitalization in that string.
macnuke
Posts: 6077
Joined: Tue Oct 19, 2010 10:32 am
Title: Afar
Location: Here

Post by macnuke »

!L0veMyFuckingJ0b@fiddlesticks!ngM3


fixed

There are no illegitimate children...only illegitimate parents.

Betonhaus
Posts: 2911
Joined: Thu Aug 30, 2018 10:25 pm

Post by Betonhaus »

juice wrote:
macnuke wrote: I need a longer field to enter my password of choice......

Ilovemyfuckingjobandmyjoblovesfuckingme

There aren’t any numbers, special characters, or capitalization in that string.

It doesn't need it as it's long enough to have plenty of entropy
obvs
Posts: 27607
Joined: Sat Jan 12, 2008 8:44 pm
Title: Socialist isn't an epithet;it's a badge.

Post by obvs »

juice wrote:
macnuke wrote: I need a longer field to enter my password of choice......

Ilovemyfuckingjobandmyjoblovesfuckingme

There aren’t any numbers, special characters, or capitalization in that string.

The first letter is capitalized.

And only the first letter is capitalized.

Just like in almost every password where having a capital letter is a requirement.
juice
Posts: 11984
Joined: Wed Jan 23, 2008 12:26 am
Title: Inadvertently correct

Post by juice »

Still no special characters and is longer than the 12 I'm allowed.
obvs
Posts: 27607
Joined: Sat Jan 12, 2008 8:44 pm
Title: Socialist isn't an epithet;it's a badge.

Post by obvs »

12?

My passwords tend to be like 30-50 characters long.
juice
Posts: 11984
Joined: Wed Jan 23, 2008 12:26 am
Title: Inadvertently correct

Post by juice »

There are many more onerous criteria but I won't be sharing them here.