Security Question Security
Security Question Security
Last couple of days a local TV station is cautioning about an on line scam harvesting answers to security questions using a valentines day questionnaire.
Do you give real answers to security questions?
My answers are always nonsence.
Question: You mothers maiden name?
Answer: Trump is a psychopath.
If an option, I make my own question and answer with nonsense.
Question: In what city were you baptized?
Answer: I like yogurt!
Do you give real answers to security questions?
My answers are always nonsence.
Question: You mothers maiden name?
Answer: Trump is a psychopath.
If an option, I make my own question and answer with nonsense.
Question: In what city were you baptized?
Answer: I like yogurt!
Unlimited Growth is the Ideology of a Cancer Cell
- Donkey Butter
- Posts: 1662
- Joined: Sun Nov 14, 2010 8:15 am
- Title: jerk face
- Location: over yonder
For sites that I trust (like credit cards), I keep a list of "sensible" replies on a computer which is NEVER online. I never repeat any of them.
I MIGHT start an entry to something like that Valentines Day questionnaire, but I would drop it upon being ask a security question like mother's maiden name (which is almost certainly posted somewhere online considering how people use genealogy software/sites).
I MIGHT start an entry to something like that Valentines Day questionnaire, but I would drop it upon being ask a security question like mother's maiden name (which is almost certainly posted somewhere online considering how people use genealogy software/sites).
I like to use my luggage code of 1234 for everything. 

"Killing them dead till they believe"
† The Church of Mark †
† The Church of Mark †
I write all my password and login info on a sheet of paper and keep it in the drawer by my computer in a folder called "passwords".
Pyke notte thy nostrellys
Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer, in a folder called "passwords".
I should do this. It would be easier than having my password reset every time I need to access something.
juice wrote:Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer, in a folder called "passwords".
I should do this. It would be easier than having my password reset every time I need to access something.
I have a password protected disk image on my computer where I store an excel sheet with all my passwords for websites and such. Good or bad, that is what I do.
"Killing them dead till they believe"
† The Church of Mark †
† The Church of Mark †
- DukeofNuke
- Posts: 33949
- Joined: Mon Jan 21, 2008 1:33 pm
- Title: FREE RADICAL
- Location: Scintillating!
Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer in a folder called "passwords".
I guess that's better than having them on a post-it note stuck to the screen ...
intellectual/hipster/nihilist
"Everyone is entitled to their own opinions, but not their own facts."
-Senator Daniel Patrick Moynihan
"Everyone is entitled to their own opinions, but not their own facts."
-Senator Daniel Patrick Moynihan
DukeofNuke wrote:Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer in a folder called "passwords".
I guess that's better than having them on a post-it note stuck to the screen ...
The drawer is an extra level of security. Best practices and all that.
Pyke notte thy nostrellys
In a mayonnaise jar on Funk & Wagnalls porch.
Unlimited Growth is the Ideology of a Cancer Cell
Old Yoda wrote: In a mayonnaise jar on Funk & Wagnalls porch.
now that's a name I haven't heard in a very long time.
People that do not succeed in politics usually tell the truth too often.
- DukeofNuke
- Posts: 33949
- Joined: Mon Jan 21, 2008 1:33 pm
- Title: FREE RADICAL
- Location: Scintillating!
Old Yoda wrote: In a mayonnaise jar on Funk & Wagnalls porch.
LOL, Carnac!

intellectual/hipster/nihilist
"Everyone is entitled to their own opinions, but not their own facts."
-Senator Daniel Patrick Moynihan
"Everyone is entitled to their own opinions, but not their own facts."
-Senator Daniel Patrick Moynihan
DukeofNuke wrote:Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer in a folder called "passwords".
I guess that's better than having them on a post-it note stuck to the screen ...
I worked, briefly, at a large eye research facility/clinic that had a rule that all passwords had to be changed every 30 day with all kinds of rule: Had to have special chars, caps and lower case, alpha and numeric, etc.
Every single computer in the place from the records department to the research wing had a postie on the screen with the current password.

Not even duct tape will fix stupid, but it can muffle the sound.
Pariah wrote:DukeofNuke wrote:Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer in a folder called "passwords".
I guess that's better than having them on a post-it note stuck to the screen ...
I worked, briefly, at a large eye research facility/clinic that had a rule that all passwords had to be changed every 30 day with all kinds of rule: Had to have special chars, caps and lower case, alpha and numeric, etc.
Every single computer in the place from the records department to the research wing had a postie on the screen with the current password.![]()
IT never, ever seems to realize that if you make passwords that big of a pain the ass, you will practically guarantee that they will be written down under keyboards, behind monitors, etc. There is a curve beyond which security actually decreases, but this concept is foreign to most IT workers.
The alternative is to make it very easy to change your password. I had an account on a system with rules like that and it was easier to just request a new password than remember the old one.
The problem with making it too easy to change passwords is that it means support people get used to taking calls from people who want to change their passwords, and that means an outsider may call in and get an employee's password changed.
It's more useful to teach people to use unusual sentences, because it's easy for them to be both complex and easily remembered.
It's more useful to teach people to use unusual sentences, because it's easy for them to be both complex and easily remembered.
maurvir wrote:Pariah wrote:DukeofNuke wrote:Ribtor wrote: I write all my password and login info on a sheet of paper and keep it in the drawer by my computer in a folder called "passwords".
I guess that's better than having them on a post-it note stuck to the screen ...
I worked, briefly, at a large eye research facility/clinic that had a rule that all passwords had to be changed every 30 day with all kinds of rule: Had to have special chars, caps and lower case, alpha and numeric, etc.
Every single computer in the place from the records department to the research wing had a postie on the screen with the current password.![]()
IT never, ever seems to realize that if you make passwords that big of a pain the ass, you will practically guarantee that they will be written down under keyboards, behind monitors, etc. There is a curve beyond which security actually decreases, but this concept is foreign to most IT workers.
The alternative is to make it very easy to change your password. I had an account on a system with rules like that and it was easier to just request a new password than remember the old one.
IT realizes it, but the security policies are written by consultants who don't have to live with the consequences of their recommendations, and put into place by management who don't have to either.
juice wrote:macnuke wrote: I need a longer field to enter my password of choice......
Ilovemyfuckingjobandmyjoblovesfuckingme
There aren’t any numbers, special characters, or capitalization in that string.
It doesn't need it as it's long enough to have plenty of entropy
The first letter is capitalized.juice wrote:macnuke wrote: I need a longer field to enter my password of choice......
Ilovemyfuckingjobandmyjoblovesfuckingme
There aren’t any numbers, special characters, or capitalization in that string.
And only the first letter is capitalized.
Just like in almost every password where having a capital letter is a requirement.