Friday, November 29, 2013

Security Questions

Predefined security questions always run the risk that they aren't necessarily applicable. It's certainly better if you can define your own question, but it's even better if you don't give the true answers that the security guy in this video insisted on, because the true answers are frequently known by others or can be guessed or looked up. The security guy in the video does make a good point about lies being harder to remember, but relying on memory for authentication details doesn't scale anyways. You might as well use your password manager to store your secret questions and the lies you use as answers.