Password security tip - use fake information

[THERESA]

Many web sites have a link for "forgot my password" and all you have to do is answer a few questions to get logged in.

Warning! It could also be abused and let someone that knows you well into your account.

Use fake answers to avoid having someone who knows your "secret" answers from filling in the forms and hacking into your account.

If you answer those silly status based questions on Facebook you could be giving out the answers in normal conversation without even realizing you are doing it. Where was your first job? What street did you grow up on?

I have a list of false answers for all of these questions and even picked a town that I would easily remember to give for my "current" zip code where I have never lived. (yahoo asks for your zip code)

If you have your accounts set up with the correct answers, please take a few minutes to make up your own set of false answers that will be easy for you to remember. You could use one of your favorite places to vacation for the zip code. Log into all of your accounts and change all of your answers today! Also make sure you save your answers in a safe place since you probably won't remember them since they aren't true.

 

[peviha]

That's good advice. You can take it a step further and easily generate a false online identity here: Generate a Random Name - Fake Name Generator

This identity is completely made up and gives you all the (false) information you could ever want to put in as answers to a "secret question".

Print it out, and you'll never have to remember the answer to a security question again, while even those who know you well will have no idea what the correct answers are.

-peviha

 

[EQ Admin]

That looks like it could be useful.

I hope they aren't saving the fake profiles, if someone got access to them...

Then again, they'd only be for sites you don't care about, not for your banking sites, etc.

 

[THERESA]

I make up my own. I don't trust anyone.

 

[peviha]

If you're not keen on the whole concept of secret questions which are really just backdoors into your accounts, use a proper strong password in the first place, and don't fill in the answer to any secret questions. If you must supply an answer, copy-paste some random gibberish from GRC's password generator page (http://www.grc.com/passwords).

I know using strong passwords is easier said than done, but recently I find myself using KeePass (keepass.org) more and more. It's basically a password storage utility, but with a few very useful features added that I haven't seen in other password managers. Using that tool, I've changed all passwords for all sites I visit frequently (and even seldomly) to a 40-character password with upper/lower case letters, digits, and symbols.

There are plenty of other options out there, of course, but I like having a desktop application that I can bring up with a shortcut key instead of having to scramble through a web interface.

-peviha

 

[EQ Admin]

I've used this site for a long time to make my random passwords. I tend to use it more for "changeme" style passwords when I've giving out a password I'm expecting the recipient to change, but they end up with a decent password much better than changeme if they don't go back and change it.

 

[somdcomputerguy]

I generate a list of 12 word pass phrases, select one line for a question (if I can enter my own question) and another line for the answer. I have almost all the links bookmarked as I use them often enough, but the pctools link @popowich yields a 'Server Not Found' page..

 

[EQ Admin]

Thank you. Dead link from 2013 removed. These days I use the random password generator provided by Dashlane - Password Security.

I do the same thing with Q&A. I generate random passwords and use those for the answers. It's manual effort to track in secure notes but worth it.

 

[Baloneza]

I always answer differently than the question is posed. In fact, I came up with my scheme, I have my answers, and I just put them under any question in turn.