Bones. I’m sorry but you weren’t my first dog. My first dog will forever be the answer when it comes to security questions. It’s convenient. But you’re really my favorite. I love you bones.
Plot twist: Bones’ official full name is actually “James Bones”, but he doesn’t know.
Don’t use real answers. “Security” questions have the same ‘authority’ as passwords (they can be used to change your password), but are often not treated with the same level of care as actual passwords.
Meaning, SQ are often easier for a hacker to figure out and exploit. In that event, SQs are actually worse than passwords, because they’re “unchangeable” (well, the real answer is). So if an SQ answer gets compromised, you’re SOL
The best option is to use a password manager, and randomly generate passwords and SQ answers (i use 1Password, but there are other good options)
Edit: oh and, if you use real answers, then those are more likely to be publicly searchable on Facebook or socially engineered (like a “which dog are you” quiz)
So…. Am I the only person that generates a random password as an “answer”?
There are at least two of us
On phone: okay Sir, we need at least the name of your favourite dog for verification!
Gonna get a bit pedantic and point out that the question actually asks the name of FIRST pet, not FAVORITE.
The correct answer was not BONES but possibly Bones or bones. Try again Bones!
How is even having these security questions even considered safe? What is more likely, person to know your password or a name of your favorite dog that you might get from that person’s Facebook account?
it’s not. These are very bad practice that had obvious problems from the start.
Sarah Palin’s Yahoo account was broken into during the 2008 election by guessing her security questions. If it wasn’t clear before then, it should have been clear after. No excuse for companies continuing to do this.
That’s why you make the answers fake ones. Like instead of your actual favorite pet, you answer lassy or airbud or something stupid like that
Even to the point of being nonsensical. I’ve had tech support chuckle at me but the intent was clear as day. Anyone can find my mother’s maiden name. Good luck figuring out the answer I gave the bank.
I had to say my SQ answers to the bank as identity confirmation (which, them being capable of reading it (stored as plain text) is a huge security no no)
and my answers were 20 random characters. That was fun
Psst… Try “McCoy”, or “Dr. McCoy”. :)
Dammit Jim, I’m a Doctor not a golden retriever!
I have some old accounts locked behind a name of first crush
It’s kind of poetic
Did you make those accounts back in middle school?
Oddly specific question, why? Am I culturally daft? Is this a reference to some classic?
Ha, no worries. I was just teasing that those that made their passwords their rush or those that they were dating were often in middle school. Kinda like kid logic.
I was dating as far as back as kindergarten so this is all very blurry history
Middle school felt like middle age crisis I am not kidding, fuck that time period. When I look at my photos from then I see someone fatally depressed, pale skin and empty gaze held by the smiling, blissfully ignorant parents.God damn this is what happens when someone mentions middle school near me. Someone should blow that building up.
Someone should blow that building up.
ATF has entered the chat
Someone tell Bones that you can lie on security questions
Can and absolutely do. Pet is my standard security question and it’s just a standardized password I use only on that field.
You should most likely generate a unique one for each website, but I doubt any attacker is going to go to the trouble of capturing that once and trying it again as a security answer elsewhere.
I use a password manager…. Generate a random string at 36 characters and then back off to whatever they’ll accept.
The number of idiots forcing less than 24 characters for things like that’s… way too damn high. (Probably preaching to the choir here but there was an issue with windows screwing with the encryption or something “requiring” 24 instead of 12.)
Sometimes banks ask me my answer to security questions. This ever happen to you?
Yep and I just give them the long random string. They don’t care.
You… go into a bank?
For what?!
I could always show them my id or something. You know, the same one I showed to get the account.
The bad part is of course when it’s not just the password leaking but the security questions and answers as well.
Bones would never lie - he’s a good boy, yes he is:-).
To Bones. You are a good boy. You also added a space after the “S”. It’s still you.
I immediately saw that do to how many times I have copy/pasted into text fields and they error out. What do you mean my routing number is invalid!
Oh whew. I needed to see this because this comic had me surprisingly agitated.
Curious, agitated that it wasn’t Bones or the space?
Agitated that the cartoon dog had a reason to doubt that he was the goodest boy.
All y’all acting like Bones is a good boy who deserves to be the favorite when he is clearly being a BAD BOY.
Maybe trying to hack his best friend’s account is why he isn’t the favorite!
The dog’s real name is “Sir Reginald Bonington, esq.” but their owner always just called them “Bones.”