The Practical Guide To Mac Security: Part 5, Security Questions

Some sites and services still use security questions. If you are forced to provide answers to these, you should never use real answers.



Check out The Practical Guide To Mac Security: Part 5, Security Questions at YouTube for closed captioning and more options.
Video Transcript: Hi, this is Gary with MacMost.com. This is Part 5 of my course, The Practical Guide to Mac Security. This course is brought to you for free thanks to my great Patreon supporters. Go to MacMost.com/patreon for more information.
So Security Questions are an old technique used on accounts that hopefully you don't see too much anymore. You see them often enough that we should talk about them because they actually don't make your account more secure. They make it less secure. But they do serve a purpose. So, for instance, the security question may be something like What's your mother's maiden name or What is your pet's name. You may get asked this. The ides is that if you lose your password you can get back into your account by answering one of these security questions either online or perhaps with a phone call to the service trying to reestablish contact with your account. They'll ask you one of these questions and you respond with whatever it is that you put down and they know that it's you.
But in fact this makes things less secure. It's basically creating a backdoor. The first problem is, of course, these are easy to guess. I mean how many pet names are there. Probably with only a hundred or two hundred pet names you can have all of the different pet names for 90% of the pets in the world. The same thing with street names and they are also easy to find. Like if somebody wants to break into your account they can probably find your mother's maiden name pretty easily. Or even the street you grew up on pretty easily just by looking online at various resources. They are also difficult to change. If you know that your information has been compromised, somebody now knows the name of the street you grew up on or the make of your first car, how do you change that? That's part of your history. If you change it to something else then it's no longer true. Also consider it's less that one factor. Instead of your password all they need is this information about you. This information about you is much easier to get than your password. So instead of increasing the number of factors it's actually keeping the number of factors at one. You either need your password or the answer to one of the security questions. Since the security questions are easier to guess and to find then it actually makes things weaker.
So here are some of the security questions you may see. I'm sure you've all seen everyone of these and there are probably a dozen more that are commonly asked. It doesn't really matter how unusual they are to get, they're just not very secure. Some typical answers would just be a last name and really with just a few hundred last names you've covered most last names in the world. The make of cars is even less with just a few dozen you've covered most people's answers. Streets growing up on, most people have grown up with streets that are only maybe in a list of several hundred names. Pets names are even weaker than that. There are some popular pet names used throughout the world and you may think that yours is unusual but it's still going to be easier to guess your pet's name than, say, a password. If you've ever posted anything to social media then, of course, the pets name is probably out there as well as a lot of this other information.
So ideally you don't want to use security questions. But you usually don't have a choice. When a site has these you have to fill them out. You have to provide an answer. So what do you do. Well, basically you lie. You create answers that are nonsensical. I like to use numbers because a lot of times you end of talking to somebody on the phone. They'll say, well confirm it's you. What's your mother's maiden name and I could very easily read out a list of numbers to them. They can understand those numbers whereas a password with letters and numbers sometimes it could be hard for the other person to hear exactly what you're saying. But you can add a few letters in there if you like. Maybe a dash. That kind of thing. The important thing to do is whatever you create make it randomly generated so maybe using a Password Manager's password generator sometimes you could create a random number. You can then record these in your Password Manager or write them down in a secure document that you keep maybe with other secure information. So let's say you have an email account. It's going to want some of the security questions. It prompts you for them. You come up with these random odd answers that nobody is going to be able to guess. You make sure you write those down in case you need them. You have somewhere you can go and read off this number to whomever it is you're talking to on the phone. So they get the right answer and I'm sure they won't think this is strange because a lot of people like me already do this. So they're used to seeing random answers like this in place of real ones. Related Subjects: Security (102 videos)
Related Video Tutorials:
The Practical Guide To Mac Security: Part 1, Introduction ― The Practical Guide To Mac Security: Part 2, Passwords ― The Practical Guide To Mac Security: Part 3, Password Managers ― The Practical Guide To Mac Security: Part 4, Two-Factor Authentication