digg

Facebook Connect Join Digg About

Are Your "Secret Questions" Too Easily Answered?

technologyreview.com Research finds that the answers to secret questions used to retrieve forgotten passwords are easily guessed.

Who dugg this? Made popular May 19, 2009

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

81 Comments

show profanity settings
expand all
  • popzero, on 05/19/2009, -0/+37I always use pi. Takes me forever to login to anything, though.
  • inactive, on 05/19/2009, -2/+27I just use 1234 for every password it's easy to remember and who's going to guess it?
  • inactive, on 05/19/2009, -3/+23Just mash the keyboard. Nobody is going to guess your dog's name is
    kljsfhbasoh1274fqli oifh dhfslshudf dljdfs whwlqo389 ewu48383
  • mickhead, on 05/19/2009, -0/+19I often wondered if people actually answered those questions properly. My answer to them always has absolutely no relevance to the question.
  • prompel, on 05/19/2009, -1/+18Hey, that's my dog's name, too!
  • Loonacy, on 05/19/2009, -1/+17I just have a "made up" persona, when it asks "Where were you born?" i put in the place i WISH i had been born, when it asks "Mother's Maiden Name" i have a name from a book that i use there, i never give it accurate information.
  • iDoraemon, on 05/19/2009, -0/+16What I do to get around the problem is to remember a few easy words as answers, regardless of the secret question. This especially helps when it has nothing to do with secret question.

    For example, if the question asks "What is your high school mascot?", I can just type an answer from my possible consistent choices that is easy to remember, but absolutely has nothing to do with my high school or mascots in general.

    The upside is that it gets around the security risk involved when the person who wants to maliciously get into your account has some information about you, while also definitely remembering answers to some of the more obscure secret questions that web sites give.
  • PhonicUK, on 05/19/2009, -0/+16Amazing, That's the same combination I use for my luggage!
  • stinklez, on 05/19/2009, -0/+13secret question: My favorite color is red or blue?

    answer: emilio estevez
  • ironeus, on 05/18/2009, -0/+12Choosing "Where were you born?" is too easily researched nowadays. In general, passwords are like underwear: to keep them clean change them regularly.
  • dsmx, on 05/19/2009, -0/+10I use the last digit of pi.
  • jammyfred, on 05/19/2009, -1/+11I wonder how many people tried to log on to his digg account with 1234.
  • postitnote, on 05/19/2009, -2/+11Liar
  • stevenbrown, on 05/19/2009, -0/+8My question is always: What is my password?
  • redwire, on 05/19/2009, -0/+8I just have an insanely long and complex password I can't be assed typing but I use it specificly for the "secret question" question.

    No matter what the question is the "great long ***** off password" as I call it is my response since relevance makes it guessable.
  • grbruner, on 05/19/2009, -0/+8I prefer to be able to enter in a "hint." That way I can reference which one of my passwords I used without anyone else being able to guess it. For example "starts with "m" is much more secure then leaving it in the hands of a thief to guess my first pets name.
  • javy925, on 05/19/2009, -1/+8If I'm given the choice to make up a secret question, I use "you know the answer."
  • d66kid, on 05/19/2009, -0/+6threeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
  • ViperDC, on 05/19/2009, -0/+6I had to call Blizzard support twice because I needed the answer to the secret question. The nice lady laughed when she finally saw what my answer was.

    I still use made-up gibberish, but now I record it in Oubliette.
  • Smegzor, on 05/19/2009, -0/+6Anymore
  • Llanowar, on 05/19/2009, -2/+8What's so long about typing "3"?
  • fxu1989, on 05/19/2009, -1/+7Sometimes I would put "you know, the answer"... and the answer would be "theanswer"
  • D14852001neko, on 05/19/2009, -0/+5*uses SHA1 hash of a forever remembered word*
  • ravage86, on 05/19/2009, -0/+5If someone wanted to know your password, they may find this post, and your password would be easily determined. Run a dictionary attack, except generate an sha1 hash of each word before making the attempt. Would probably take less than a minute.
  • techdever, on 05/19/2009, -0/+5Got milk ?
  • D14852001neko, on 05/19/2009, -0/+5Not as such, because the word is a mental word, or a convoluted mix of numbers, letters, and symbols I have ingrained into myself, like a universal master key if you will.
  • KooperG, on 05/19/2009, -0/+4so you put the same at that blog from that guy you heard about on twitter, as you use for your gmail etc? you do realize this means this 'guy' can reset your gmail account anytime he wishes, right?
  • inactive, on 05/19/2009, -0/+3You sit on it, but can't take it with you.
  • BossKey, on 05/19/2009, -0/+3I don't mash the keyboard because sometimes I do need to answer the question (like if a financial site notices I logged in from a different computer or IP than usual and throws in another layer of security just to make sure), so I record what my made-up answer was.
  • maz2331, on 05/19/2009, -0/+3Possibly. Sarah Palin found out the hard way that some are very easy.

    Others are too difficult to even attempt to remember, simply because they are so subjective that they change over time. Questions like "what is your favorite restaraunt" will not yield the same in a few years as they do now.
  • jeremyduffy, on 05/19/2009, -0/+3Except for everyone on the planet that knows you and your pet. That also assumes you've never mentioned his name on your blog/myspace page.
  • apache2, on 05/19/2009, -0/+3"What else do you call your bottom? It's Borris, he plays these mind games....." ^
  • r2builder, on 05/19/2009, -1/+4That's ridiculous. How could the end user remember their "question" word-for-word a few months down the line?
  • BossKey, on 05/19/2009, -0/+3If someone gains access to your account, changing the password forces them to start over.
  • AdmiralAcbar, on 05/19/2009, -0/+3Chuck Norri- never mind.
  • rolf, on 05/19/2009, -0/+3Why would/should I change them regularly? I have the important ones down pat in memory -- should I start writing them down and carrying them around? That's even more dangerous.

    Everyone parrots it, but what is the rationale to constantly changing passwords? I can't keep them all in my head as it is...
  • BossKey, on 05/19/2009, -0/+3A big problem is that people will fill any blanks put in front of them. I only fill in fields marked "required," and I can't believe the unnecessarily detailed info my friends volunteer on their social networking profiles. Want to know the answer to somebody's secret question? Just look at their Facebook profile. High school, mother's maiden name (especially if the entire family is friended), hometown, favorite restaurant, it's all there, in too many profiles with privacy set to be too public. Lock it down, people.
  • rolf, on 05/19/2009, -0/+3But gmail lets me check which other IPs are using my account and at what times. So I should be able to tell if someone has gained access to my account... (I wish other internet services started doing this. So incredibly easy and such a simple idea, yet not really thought of before).
  • wdfadude, on 05/19/2009, -0/+2Your answer is: "This is how I call my girlfriend."
  • Llanowar, on 05/19/2009, -0/+2The only places I use accurate information are on unimportant accounts where no one has any idea who I even am. On the actual important accounts I always remember my passwords anyway.
  • joshmoney, on 05/19/2009, -0/+2Reminds me of this scene from Dennis the Menace.

    http://www.youtube.com/watch?v=aZqvcncq76c&fea ...
  • antdude, on 05/19/2009, -0/+2Me too!
  • KooperG, on 05/19/2009, -2/+4so you're from the bible belt? :D
    http://74.125.77.132/search?q=cache:naTmpxxO3_oJ:e ...
  • Benno, on 05/19/2009, -0/+2The worst part is that many companies store the secret answer in plain text even though the password it's protecting is properly encrypted.
  • SteveMax, on 05/19/2009, -1/+2"Friend" in Sindarin is mellon (as used on that scene), elvellon, meldir or meldis; and in quenya, it's melda. Edro means open.
  • PsychoBrat, on 05/19/2009, -0/+1Gaius Julius Caesar Augustus
  • teamgwho, on 05/19/2009, -0/+1I have a formula for password generation so I get unique passwords for every place I need one. Every password is unique and you'd have to know the formula to figure it out. I hate places that require %$! type characters in the password. or that force you to change your password ever so often. Totally screws me up.
  • teamgwho, on 05/19/2009, -0/+1Ivanova: Peekaboo?
    Garibaldi: Would you have guessed it?
  • bigdanmahony, on 05/19/2009, -0/+1When a dude got me fired from work I looked him up on myspace and his email address was listed on his page.
    I then went to his hotmail account and did the "i forgot my password" thing,his secret question was "what is my name"
    FOOL!
    I then got access to his myspace account from his email and went in and changed his background to penises,his headline to "I always knew I was different" and broke up with his girlfriend,amongst other things.
  • JakeyG14, on 05/19/2009, -0/+1Maybe she was just laughing at you for phoning her employers.
  • Fetching more discussions...
    Show 51 - 83 of 83 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.