Lie About Secret Questions for Enhanced Security

We've seen them a million times: What's your mother's maiden name? First pet? Street you grew up on? It doesn't matter whether you're setting up e-mail, a bank account, or registering for some sort of Web app -- they all use secret questions to help you regain access to the site if you forget your password.

But seemingly in a chapter out of my forthcoming book, Things That are Obvious, Microsoft has released a study suggesting these questions are horrifically flawed (PDF). So what's it all mean?

Well, it turns out that these kinds of questions are easily guessed by acquaintances. After all, people who know you also know things about you -- things like your mom's maiden name, your first pet, and what city you got engaged in. And many of those things are easily found online even if you don't know the information through firsthand experience. According to the study, these secret questions were guessed correctly about 20 percent of the time, making common Web sites about as secure as CTU headquarters in a random season of 24.

The bottom line? Lie. If you have to enter the answer to a secret question, you can secure your data by concocting a fictitious persona or simply entering nonsensical information -- as long as you can remember what information you entered, avoid telling the truth to the tubes. [via New Scientist]

Photo by Vibragiel