The pieces of our identity puzzle are scattered everywhere, across a number of systems that even you cannot count.

How many credit cards have you registered for at this point in your life? How many different employers have you worked for? How many different banks have you held accounts with since the first one that was ever opened for you? All of these entities had, or still have, systems that contained your PII and, very likely, the answers to security questions that you provided.

The problem with “security questions” is that they are actually a worse practice than using the same password across every site on the internet. They are worse because, as in the screenshot below, the answers to the questions are immutable truths. From site to site they never change if you answer honestly, and you likely use the same ones no matter which site is asking for them.

(Screenshot: a site’s security question dropdown)

This is an ancient practice and needs to stop. It’s no secret how to provide yourself some relief from this security trap:

give bogus answers.

(Screenshot: the author’s bogus answers)

And I can’t believe I misspelled Seagal.

You are going to lose some convenience here. You won’t remember the answers when you need them, so you will have to write them down or print them out and store them somewhere safe. Even so, that practice is orders of magnitude safer than using soft, easy-to-guess answers or, worse, truthful answers that can be leveraged against every single account on the planet with your name on it.
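To make the argument concrete, here is an added example (not code from the original post) that models the reuse problem: it generates one independent random answer per site and question, produces the answer sheet you would store away, and measures how many sites a single leaked answer would unlock. The site names, questions and personal facts are constructed placeholders.

```python
import secrets
import string

# Constructed sample data (not from the post): three fictional sites that all
# ask the same immutable-fact questions the post complains about.
SITES = ["example-bank", "example-card-issuer", "example-payroll"]
QUESTIONS = [
    "What is your mother's maiden name?",
    "What was the name of your first pet?",
    "In what city were you born?",
]

def truthful_answers(facts):
    """What an honest user does: the same true fact at every site."""
    return {(site, q): facts[q] for site in SITES for q in QUESTIONS}

def bogus_answer(length=20, alphabet=string.ascii_letters + string.digits):
    """A random answer from a CSPRNG; 20 chars over 62 symbols is ~119 bits."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def bogus_answers(length=20):
    """One independent random answer per (site, question) pair."""
    return {(site, q): bogus_answer(length) for site in SITES for q in QUESTIONS}

def blast_radius(answers):
    """Group (site, question) pairs by the answer that unlocks them. An answer
    appearing under several sites means one leaked record exposes all of them."""
    exposure = {}
    for (site, q), answer in answers.items():
        exposure.setdefault(answer, set()).add((site, q))
    return exposure

def worst_case_sites(answers):
    """How many distinct sites the single most-reused answer unlocks."""
    return max(len({site for site, _ in pairs})
               for pairs in blast_radius(answers).values())

def answer_sheet(answers):
    """The printout the post recommends: one line per site and question, to be
    stored offline or in a password manager rather than memorised."""
    return "\n".join(f"{site}\t{q}\t{a}" for (site, q), a in sorted(answers.items()))

if __name__ == "__main__":
    # Constructed facts standing in for one person's real, unchangeable answers.
    facts = dict(zip(QUESTIONS, ["Smith", "Rex", "Boston"]))
    print("truthful: one leaked answer unlocks", worst_case_sites(truthful_answers(facts)), "sites")
    generated = bogus_answers()
    print("bogus:    one leaked answer unlocks", worst_case_sites(generated), "site")
    print(answer_sheet(generated))
```

Many sites cap answer length or reject digits, which is why `length` and `alphabet` are parameters; shorten or restrict them per site rather than falling back to a real fact.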

Be smart; don’t fall for bad security. Think outside of the dropdown.
