Secret questions

19 Aug, 2022
324 words | 2 min to read | 58 min to write

Why you shouldn’t answer truthfully

I really hope you don’t REALLY answer those and that you treat them as just another password, don’t you? If you’re still naive enough to actually put your first pet’s name as an answer, please stop doing this, especially if the service doesn’t support multi-factor (at least 2FA) authentication. What’s wrong with the secret questions you are asked? They are more-or-less common knowledge about you, and as such are not very secret. Your favourite colour, meal, or historical figure are not really all that “secret”. Neither is your first (and maybe only?) pet’s name. Neither is the name of the street you grew up on. You can easily spill any of these to even a complete stranger. You can fall victim to social engineering, which is an umbrella term for a few techniques attackers may use to collect information about you.

What else is wrong with the secret questions? Your answer may change over time. Yes, your mother’s maiden name won’t change, and neither will the nickname of your first pet, but sometimes secret questions are something like “your favorite colour”. And if you liked purple 10 years ago, maybe now you like lime green more.

What should you answer instead

Treat them as another password. Your first pet’s name? Oh dear weiLabahD7on, he loved chasing the ball. Mother’s maiden name? She’s ohKei6Ungee#chohko. Favorite subject at school? Despite having poor marks, I always loved peec5Weef@aeSo because my teacher, Mr Ahnee8chetah, made it very entertaining.

Or you can come up with some scheme. E.g. if a website asks for your

  • favourite meal
  • mother’s maiden name
  • country of your first overseas trip

your answers could be

  • awesome meal
  • awesome name
  • awesome trip

You could even answer THE SAME THING to all the secret questions:

  • I love roasted crocodiles
  • I love roasted crocodiles
  • I love roasted crocodiles

It’s less secure, but definitely more secure than answering truthfully.
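The “treat them as another password” advice, as an added example that is not part of the original post: it generates one independent random answer per question for storing in a password manager, and flags answers reused across questions. The alphabet, function names, and the site name `example.com` are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import Counter

# Characters for generated answers. The symbol set is an assumption:
# trim it if a site's answer field rejects some of them.
ALPHABET = string.ascii_letters + string.digits + "#@%+"


def random_answer(length=16):
    """Return a random string to use instead of a truthful answer."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def answers_for(site, questions, length=16):
    """Build a record with one independent random answer per question.

    Store the record in a password manager: the answers cannot be
    remembered, and cannot be looked up about you either.
    """
    return {"site": site,
            "answers": {q: random_answer(length) for q in questions}}


def entropy_bits(length):
    """Bits of entropy in a random_answer() of the given length."""
    return length * math.log2(len(ALPHABET))


def reused_answers(record):
    """Return the answers that appear under more than one question."""
    counts = Counter(record["answers"].values())
    return {answer for answer, n in counts.items() if n > 1}


if __name__ == "__main__":
    questions = ["favourite meal", "mother's maiden name",
                 "country of your first overseas trip"]
    record = answers_for("example.com", questions)  # constructed site name
    for question, answer in record["answers"].items():
        print(f"{question}: {answer}")
    print(f"~{entropy_bits(16):.0f} bits per answer")
```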