Wednesday, December 24, 2008

Your secret question is not a secret at all!

As many remember, Sarah Palin's Yahoo account was compromised in September. Today I will give some pointers and good practices to avoid being a victim yourself.

The biggest problem today is the ever so popular "secret questions". I don't understand who decided that a mother's maiden name was a good means of security, or better yet someone's birthplace or anniversary! Palin and others are likely not victims of clever, high-I.Q. hackers, but rather of people resetting passwords using public information.

If your login requires you to answer "secret questions", create fictitious answers. For example:
Question: What city were you born in?
Answer: Never Never Land.
For crying out loud, don't use your real birthplace. If someone asks you for your social security number, your defenses go up. If someone asks you your anniversary, or where you were born, your defenses do not go up, because those are not secrets; they are public information.
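One way to apply this advice in practice, as an added example that is not from the original post: generate a random fictitious answer for each question, refuse any answer that contains a real fact about you, and refuse to reuse an answer across questions. The function names, the tiny word list and the sample facts are all constructed for illustration; a real word list should hold thousands of words so each answer carries far more entropy.

```python
import math
import secrets

# Constructed sample word list; a real one should hold thousands of words.
WORDS = ["amber", "bison", "cedar", "delta", "ember", "fjord", "gecko", "heron",
         "ivory", "jade", "kelp", "lotus", "maple", "nickel", "onyx", "pewter"]


def normalize(text):
    """Lower-case and collapse whitespace so comparisons ignore formatting."""
    return " ".join(text.lower().split())


def make_answer(n_words=6, words=WORDS):
    """Return a random fictitious answer and its entropy in bits."""
    answer = " ".join(secrets.choice(words) for _ in range(n_words))
    return answer, n_words * math.log2(len(words))


def leaks_public_fact(answer, public_facts):
    """True if the answer contains any real, discoverable fact about the user."""
    a = normalize(answer)
    return any(normalize(f) in a for f in public_facts if normalize(f))


def set_answer(vault, site, question, public_facts, answer=None):
    """Store an answer for (site, question); reject real facts and reuse."""
    if answer is None:
        answer, _ = make_answer()
    if leaks_public_fact(answer, public_facts):
        raise ValueError("answer contains public information")
    if normalize(answer) in {normalize(v) for v in vault.values()}:
        raise ValueError("answer already used for another question")
    vault[(normalize(site), normalize(question))] = answer
    return answer


if __name__ == "__main__":
    vault = {}
    facts = ["Springfield", "Smith"]  # constructed: real birthplace, maiden name
    print(set_answer(vault, "Example Mail", "What city were you born in?", facts))
```

The `vault` dictionary stands in for wherever the answers are kept, such as a password manager entry next to the account's password.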

Merry Christmas everyone. I suspect many people reading this blog need to log in to their various accounts and change the answers to their alleged secret questions.


  1. This is a very good blog tip for everyone, Mike. I may change a few of mine because I have forgotten some of my fictitious answers, but some are not secure, like the accounts you created back in 2000.

  2. I keep a hard copy in an address book of all user names and passwords.

    Hi Mike,
    Here's another tip I've used in the past: when asked for mother's maiden name, use her first name.
    I always make up my own question / answer,
    but you have to write this stuff down somewhere... with a pencil.

  3. Hi Mike,

    I'm the FatWallet social media girl and I just followed you here from your comment on my status update. Great point about the secret question. I think also with Facebook our mom's maiden names are easy to come by as are the names of our pets.

    Thanks for building awareness around this! :)