shopify traffic stats

My High School's Mascot Is 'Gator'

My High School's Mascot Is 'Gator'

So now you know my answer to "What was your high school's Mascot?". But that's OK. I don't actually use this security question anywhere, and if I am forced to answer such a question, I won't actually use the real answer. Answers to typical security questions can be guessed from other contextual information about you online. Furthermore, when answering a security question challenge such as "What's your favorite color?" on the phone, a criminal will sweet talk a customer service representative to let them keep guessing until they get the answer right. These weak security questions are why Sarah Palin was hacked during the 2008 presidential campaign and how the public got access to celebrity iCloud accounts in 2014.

With your password manager application, simply create and store unique fake answers for each of these questions using pronounceable gibberish or a mash of words (examples not be used: 'wakterfenbu' or 'flierbendingsunny'). Pronounceable security answers will allow you to communicate them to a customer service representative on the phone if needed. Here is an example of how to store security questions in your password manager (you could also should store the security questions with the actual password entry itself as a 'note').

UPDATE 12/16/2016: Due to the Yahoo Account Hack I recommend the latter (you store a unique answer for security questions per website instead of centrally across all websites). Yahoo possibly stored the security question answers in cleartext or weak MD5 hashes, meaning if you reused your security questions at any other website it is time to replace them there as well (start with any important email/money/health/government related websites first).


Like the passwords you updated in the previous post, update your security questions at the most important financial, health, and government related accounts first and then work your way to the rest. When you are all done, consider adding two factor authentication to your most important accounts.