Absurd "Security Questions"
-
This is going to sound like a vent (and maybe it is, to a degree), but I really want to go beyond just complaining and DO something about it. I am absolutely fed up with the deluge of inane and ridiculous “Security Questions” that have inundated the web world. I’m speaking, of course, of the ubiquitous websites that require you to answer harebrained trivia questions like “Who was your first Little League coach?” or “Where did you get your first turtle?” or “What kind of apple do you like to juggle with?” These preposterous questions are intended to provide a layer of “security” to my account, in the event that I forget your password. But they are ludicrous because they are useless. They provide virtually no real security – just aggravation to the hapless users who are forced to come up with meaningful but memorable answers. They are either too easy to guess or too hard to remember. The latter must be written down – an intolerable inconvenience that also opens up a huge security hole to anyone who stumbles across your post-it notes. This problem has been around for a long time. Josh Levin complained articulately about it back in 2008. Google acknowledged the absurdity of the strategy in a security document published just last year. I particularly love Dustin’s parody. Nevertheless, the gabberflasting problem remains, darkening our society and threatening to snuff out any remaining sanity in our civilization. What can be done? Where can we protest? Who can be held responsible for these abominations that pierce my spleen like a poison-laced javelin every time I try to register for an online bank account or foosball tournament? Can anything be done to save humanity? Seriously, though. Is there any way we can join together and make our voice be heard? UPDATE: This is especially frustrating because there is a perfectly reasonable alternative: Simply let the user write his/her OWN question and answer. It is easy to think of a question with a single unambiguous answer known only to me. THAT's a system that is both secure AND convenient. ( Of course there will always be brain-dead users who make up a ridiculous question like "What's 2 + 2?". But the whole system shouldn't be gro
-
I answer the same for every question. Treat it as a password and it's no big deal.
There are only 10 types of people in the world, those who understand binary and those who don't.
-
Yeah, but the whole point of the questions is to use them when you FORGET your password. So then they're annoying AND useless.
-
I answer the same for every question. Treat it as a password and it's no big deal.
There are only 10 types of people in the world, those who understand binary and those who don't.
RyanDev wrote:
Treat it as a password and it's no big deal.
..it's not like it is a security-risc, or that people would call you and ask for such private details. That is, for the questions not already answered by their FB/LinkedIn profiles :) These questions would also only be relevant for your email-account - all other applications can safely assume that your email is private and send a simple reset-link.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^][](X-Clacks-Overhead: GNU Terry Pratchett)
-
I answer the same for every question. Treat it as a password and it's no big deal.
There are only 10 types of people in the world, those who understand binary and those who don't.
Yes, but several site I deal with are now "smart" enough to detect the same answer to all questions, and complain bitterly until you change them :mad:
-
This is going to sound like a vent (and maybe it is, to a degree), but I really want to go beyond just complaining and DO something about it. I am absolutely fed up with the deluge of inane and ridiculous “Security Questions” that have inundated the web world. I’m speaking, of course, of the ubiquitous websites that require you to answer harebrained trivia questions like “Who was your first Little League coach?” or “Where did you get your first turtle?” or “What kind of apple do you like to juggle with?” These preposterous questions are intended to provide a layer of “security” to my account, in the event that I forget your password. But they are ludicrous because they are useless. They provide virtually no real security – just aggravation to the hapless users who are forced to come up with meaningful but memorable answers. They are either too easy to guess or too hard to remember. The latter must be written down – an intolerable inconvenience that also opens up a huge security hole to anyone who stumbles across your post-it notes. This problem has been around for a long time. Josh Levin complained articulately about it back in 2008. Google acknowledged the absurdity of the strategy in a security document published just last year. I particularly love Dustin’s parody. Nevertheless, the gabberflasting problem remains, darkening our society and threatening to snuff out any remaining sanity in our civilization. What can be done? Where can we protest? Who can be held responsible for these abominations that pierce my spleen like a poison-laced javelin every time I try to register for an online bank account or foosball tournament? Can anything be done to save humanity? Seriously, though. Is there any way we can join together and make our voice be heard? UPDATE: This is especially frustrating because there is a perfectly reasonable alternative: Simply let the user write his/her OWN question and answer. It is easy to think of a question with a single unambiguous answer known only to me. THAT's a system that is both secure AND convenient. ( Of course there will always be brain-dead users who make up a ridiculous question like "What's 2 + 2?". But the whole system shouldn't be gro
I use a mental code to create the answers based upon the site, itself. Nothing to really remember - the site tells me its own answer. Now my reason for not liking them is that they ask questions about me that are too 'intimate' (alas, in the non-sexual sense) that, aggregated, give out more about me than anyone but me should know. They're thrown at me by financial institutions, in particular, when it wants to validate the machine I'm on for a few sessions (before it does it again).
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
-
Yes, but several site I deal with are now "smart" enough to detect the same answer to all questions, and complain bitterly until you change them :mad:
-
This is going to sound like a vent (and maybe it is, to a degree), but I really want to go beyond just complaining and DO something about it. I am absolutely fed up with the deluge of inane and ridiculous “Security Questions” that have inundated the web world. I’m speaking, of course, of the ubiquitous websites that require you to answer harebrained trivia questions like “Who was your first Little League coach?” or “Where did you get your first turtle?” or “What kind of apple do you like to juggle with?” These preposterous questions are intended to provide a layer of “security” to my account, in the event that I forget your password. But they are ludicrous because they are useless. They provide virtually no real security – just aggravation to the hapless users who are forced to come up with meaningful but memorable answers. They are either too easy to guess or too hard to remember. The latter must be written down – an intolerable inconvenience that also opens up a huge security hole to anyone who stumbles across your post-it notes. This problem has been around for a long time. Josh Levin complained articulately about it back in 2008. Google acknowledged the absurdity of the strategy in a security document published just last year. I particularly love Dustin’s parody. Nevertheless, the gabberflasting problem remains, darkening our society and threatening to snuff out any remaining sanity in our civilization. What can be done? Where can we protest? Who can be held responsible for these abominations that pierce my spleen like a poison-laced javelin every time I try to register for an online bank account or foosball tournament? Can anything be done to save humanity? Seriously, though. Is there any way we can join together and make our voice be heard? UPDATE: This is especially frustrating because there is a perfectly reasonable alternative: Simply let the user write his/her OWN question and answer. It is easy to think of a question with a single unambiguous answer known only to me. THAT's a system that is both secure AND convenient. ( Of course there will always be brain-dead users who make up a ridiculous question like "What's 2 + 2?". But the whole system shouldn't be gro
kdmote wrote:
Of course there will always be brain-dead users who make up a ridiculous question like "What's 2 + 2?".
That's actually quite a good question as it allows obfuscation. The answer to that question is Desmond, as in Desmond Tutu.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
-
kdmote wrote:
Of course there will always be brain-dead users who make up a ridiculous question like "What's 2 + 2?".
That's actually quite a good question as it allows obfuscation. The answer to that question is Desmond, as in Desmond Tutu.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
-
Matt T Heffron wrote:
Many of us "old-timers" do know what we're doing!
Were those topics explained in detail during your education, or did you learn it in the field? My guess would be the latter.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^][](X-Clacks-Overhead: GNU Terry Pratchett)
There wasn't any education in this, back when I studied. Hackers didn't exist. Unsurprisingly, trolls did, though -- it's probably true that they've been around since the dawn of time.
I wanna be a eunuchs developer! Pass me a bread knife!
-
Another solution is to use KeePass[^], and store your answers in there. At least that way they are encrypted, relying only on one password to remember. It doesn't address your fundamental complaint, but is a method of dealing with the madness.
My CodeProject Articles :: Our forgotten astronomic heritage :: My website.
"Sorry, buddy, but this mission counts on everyone being as silent as possible, and your farts are just too much of a wildcard." - Korra to Meelo, "Kuvira's Gambit"Yeah, your first pet's name and your mother's maiden name are well worth keeping in secure storage, just in case you ever forget them.
I wanna be a eunuchs developer! Pass me a bread knife!
-
In those cases, my answers become "password1", "password2", "password3". No problem. :-\
There are only 10 types of people in the world, those who understand binary and those who don't.
So is it OK if I reset all your passwords, this week-end?
I wanna be a eunuchs developer! Pass me a bread knife!
-
kdmote wrote:
Of course there will always be brain-dead users who make up a ridiculous question like "What's 2 + 2?".
That's actually quite a good question as it allows obfuscation. The answer to that question is Desmond, as in Desmond Tutu.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
If you give a logical answer, it can be logically guessed, and the guesser will then own your account. But what really makes me laugh is that facebook users typically give away every detail that's ever asked by these questions.
I wanna be a eunuchs developer! Pass me a bread knife!
-
So is it OK if I reset all your passwords, this week-end?
I wanna be a eunuchs developer! Pass me a bread knife!
-
This is going to sound like a vent (and maybe it is, to a degree), but I really want to go beyond just complaining and DO something about it. I am absolutely fed up with the deluge of inane and ridiculous “Security Questions” that have inundated the web world. I’m speaking, of course, of the ubiquitous websites that require you to answer harebrained trivia questions like “Who was your first Little League coach?” or “Where did you get your first turtle?” or “What kind of apple do you like to juggle with?” These preposterous questions are intended to provide a layer of “security” to my account, in the event that I forget your password. But they are ludicrous because they are useless. They provide virtually no real security – just aggravation to the hapless users who are forced to come up with meaningful but memorable answers. They are either too easy to guess or too hard to remember. The latter must be written down – an intolerable inconvenience that also opens up a huge security hole to anyone who stumbles across your post-it notes. This problem has been around for a long time. Josh Levin complained articulately about it back in 2008. Google acknowledged the absurdity of the strategy in a security document published just last year. I particularly love Dustin’s parody. Nevertheless, the gabberflasting problem remains, darkening our society and threatening to snuff out any remaining sanity in our civilization. What can be done? Where can we protest? Who can be held responsible for these abominations that pierce my spleen like a poison-laced javelin every time I try to register for an online bank account or foosball tournament? Can anything be done to save humanity? Seriously, though. Is there any way we can join together and make our voice be heard? UPDATE: This is especially frustrating because there is a perfectly reasonable alternative: Simply let the user write his/her OWN question and answer. It is easy to think of a question with a single unambiguous answer known only to me. THAT's a system that is both secure AND convenient. ( Of course there will always be brain-dead users who make up a ridiculous question like "What's 2 + 2?". But the whole system shouldn't be gro
But it makes it so much easier to steal your identity if we know what street you grew up on and what your high school mascot was.
We won't sit down. We won't shut up. We won't go quietly away. YouTube and My Mu[sic], Films and Windows Programs, etc.
-
Matt T Heffron wrote:
Many of us "old-timers" do know what we're doing!
Were those topics explained in detail during your education, or did you learn it in the field? My guess would be the latter.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^][](X-Clacks-Overhead: GNU Terry Pratchett)
My education pre-dates the Internet by about a decade! But, even with my having learned it in the field, the "recent degree" probably is still a relevant differentiation.
"Fairy tales do not tell children the dragons exist. Children already know that dragons exist. Fairy tales tell children the dragons can be killed." - G.K. Chesterton
-
This is going to sound like a vent (and maybe it is, to a degree), but I really want to go beyond just complaining and DO something about it. I am absolutely fed up with the deluge of inane and ridiculous “Security Questions” that have inundated the web world. I’m speaking, of course, of the ubiquitous websites that require you to answer harebrained trivia questions like “Who was your first Little League coach?” or “Where did you get your first turtle?” or “What kind of apple do you like to juggle with?” These preposterous questions are intended to provide a layer of “security” to my account, in the event that I forget your password. But they are ludicrous because they are useless. They provide virtually no real security – just aggravation to the hapless users who are forced to come up with meaningful but memorable answers. They are either too easy to guess or too hard to remember. The latter must be written down – an intolerable inconvenience that also opens up a huge security hole to anyone who stumbles across your post-it notes. This problem has been around for a long time. Josh Levin complained articulately about it back in 2008. Google acknowledged the absurdity of the strategy in a security document published just last year. I particularly love Dustin’s parody. Nevertheless, the gabberflasting problem remains, darkening our society and threatening to snuff out any remaining sanity in our civilization. What can be done? Where can we protest? Who can be held responsible for these abominations that pierce my spleen like a poison-laced javelin every time I try to register for an online bank account or foosball tournament? Can anything be done to save humanity? Seriously, though. Is there any way we can join together and make our voice be heard? UPDATE: This is especially frustrating because there is a perfectly reasonable alternative: Simply let the user write his/her OWN question and answer. It is easy to think of a question with a single unambiguous answer known only to me. THAT's a system that is both secure AND convenient. ( Of course there will always be brain-dead users who make up a ridiculous question like "What's 2 + 2?". But the whole system shouldn't be gro
Quote:
Simply let the user write his/her OWN question and answer
I remember some sites offer this way and it's not a bad idea too.
-
There wasn't any education in this, back when I studied. Hackers didn't exist. Unsurprisingly, trolls did, though -- it's probably true that they've been around since the dawn of time.
I wanna be a eunuchs developer! Pass me a bread knife!
-
Eddy Vluggen wrote:
your argumentation is based on calling me an idiot
I don't see how you arrived at that conclusion, but no problem: I'll happily call you an idiot if you'd like. It wouldn't matter anyway, because I only exist as bits and bytes on the Interwebs -- non sum in rerum natura, and all that
I wanna be a eunuchs developer! Pass me a bread knife!
-
This is going to sound like a vent (and maybe it is, to a degree), but I really want to go beyond just complaining and DO something about it. I am absolutely fed up with the deluge of inane and ridiculous “Security Questions” that have inundated the web world. I’m speaking, of course, of the ubiquitous websites that require you to answer harebrained trivia questions like “Who was your first Little League coach?” or “Where did you get your first turtle?” or “What kind of apple do you like to juggle with?” These preposterous questions are intended to provide a layer of “security” to my account, in the event that I forget your password. But they are ludicrous because they are useless. They provide virtually no real security – just aggravation to the hapless users who are forced to come up with meaningful but memorable answers. They are either too easy to guess or too hard to remember. The latter must be written down – an intolerable inconvenience that also opens up a huge security hole to anyone who stumbles across your post-it notes. This problem has been around for a long time. Josh Levin complained articulately about it back in 2008. Google acknowledged the absurdity of the strategy in a security document published just last year. I particularly love Dustin’s parody. Nevertheless, the gabberflasting problem remains, darkening our society and threatening to snuff out any remaining sanity in our civilization. What can be done? Where can we protest? Who can be held responsible for these abominations that pierce my spleen like a poison-laced javelin every time I try to register for an online bank account or foosball tournament? Can anything be done to save humanity? Seriously, though. Is there any way we can join together and make our voice be heard? UPDATE: This is especially frustrating because there is a perfectly reasonable alternative: Simply let the user write his/her OWN question and answer. It is easy to think of a question with a single unambiguous answer known only to me. THAT's a system that is both secure AND convenient. ( Of course there will always be brain-dead users who make up a ridiculous question like "What's 2 + 2?". But the whole system shouldn't be gro
I don't think they're absurd and don't find them annoying, and several of the sites that I use do allow you to add your own question/answer set.
#SupportHeForShe Government can give you nothing but what it takes from somebody else. A government big enough to give you everything you want is big enough to take everything you've got, including your freedom.-Ezra Taft Benson You must accept 1 of 2 basic premises: Either we are alone in the universe or we are not alone. Either way, the implications are staggering!-Wernher von Braun