What does dividing a letter by two even mean? As a developer I'd think of its ASCII integer value, but mere mortals wouldn't be asked that question. Its position in the alphabet? For odd-numbered letters, do you then round up, or down?
(Once again, I'm probably overthinking this, and it wasn't the point to your post anyway...)
The problem with these "secret questions" is that the answer isn't always necessarily difficult to answer. Wasn't there a well-publicized case a few years ago of some government official who managed to get some hacker to successfully go through an email password reset procedure, because all of the questions could be googled (like what high school did he go to, or the name of his dog, all of which he had answered at one point or another in various interviews or they were part of his page on Wikipedia...)?
Of course being a "nobody" myself, I don't have to worry about that aspect, but still - when I'm asked these questions for an important site, the answer I provide is as long and complex and non-memorable as the output of a password generator. Which defeats the "easy to answer" purpose of these questions, but I believe those are a bad idea to begin with.
|
Sander Rossel wrote: Funny how you were only wondering about the dividing a letter part though
You don't wanna know how my brain works.
|
Just use Keepass, or another keeper, and use their algorithm supplied passwords for those 'questions.' Far more secure, if security is your wish.
|
Don't provide real answers. Just put in a password, so to speak, as the answer. All this password stuff is so ridiculous it actually makes things less secure.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
My philosophy : correct horse battery staple.
|
Many years ago I got the following message from our corporate domain:
New password should be at least 4294967295 symbols length and differ from previous 65535 passwords.
|
In the U. S. of A, many financial institutions have been using this for some years. Often having as many as five such questions so you could be asked for any one or more of them.
As a rule, I don't give real answers - but rather something deducible from an algorithm (in my head only - hacking that would be a bloody mess - as you French well know).
Why the algorithm? Well - it turns out that all of these places are now accumulating even more personal information about you that only you should know. Even more candy for that inevitable day they get hacked.
My (US) government run sites validate by sending me a key via email - so someone needs to know where I get their email. On one site, passwords are entered via mouse on a little online keyboard - so it cannot be key-logged (they change the references every time).
Ravings en masse
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
|
You don't have to give a "true" answer to the security questions. You just have to give an answer you remember. When does your driver's license expire? On your birthday in 2028. What's your electric company's account number? 12345. And the best way to keep it all straight - a password manager program like KeePass.
|
I just go to: HackedUSGOVTPasswords.com and look my password up by my government UserID.
|
Does it really matter what answer you give? I mean, if you chose the utility company client id, couldn’t you just give them a bogus number, and log that in your password manager’s notes?
It’s not likely that they’ll contact the utility to make sure you’re not lying.
Mark
Just another cog in the wheel
|
Most of these are just "memory triggers" ... You can say your mother's maiden name is "Snuff" ... They don't actually reject your "secret word" (unless it's too short; etc) or "come after you".
The funny thing is people honestly trying to answer these "nonsense" questions (I did) ... since "id theft" would be all that's needed to crack your "secret words".
(I used my "pet's name" when I didn't even have a pet).
"(I) am amazed to see myself here rather than there ... now rather than then".
― Blaise Pascal
|
Sander Rossel wrote: I get to pick from four pre-defined questions, but they are so difficult that even I can't answer them!
Then use the standard answer -- "Burma!"
Seriously, there's no reason to answer those "security" questions with anything even resembling a real answer. They're only going to be used as less-secure passwords anyway, and posing them as a "security" question that you give a truthful answer to only makes them more easily guessable by hackers. Just write it down like any other password and keep it next to the main password. Besides, who's to say you didn't name your first cat C&4x# anyway.
|
You know you don't have to give the real answers, don't you? The questions are just placeholders really; so unless they force numeric-only then just type in your reaction which is likely to be similar in 6 or 12 months. Q. "What is your electricity account number?" A. "What a bloody stupid question". Even your electric company won't hack your account.
Since most of the questions that are asked in these scenarios are actually publicly-available data (e.g. what's your mother's maiden name, what was your first school) it's really more secure to just make up some random sentence as a form of long password.
|
I was sent this, and it explains so much: Battery falling down a hole
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
modified 25-Feb-18 7:09am.
|
I feel like that battery too, your prediction was right, my tip was downvoted.
I wish those cowardly downvoters were man enough to leave a comment, and explain why they downvoted the tip!
|
It wasn't me - but the only way to prove that would be to downvote it, I suspect ...
|
Yeah, yeah, yeah, I know that typical Welsh 'pulling a leg' humor
|
Thinking about it you can tell the "seniority" of the downvoter by the rep points he removed: the rep point summary should tell you that, and it varies by voter rep. Not sure how big it is for article one-votes, but for QA answers "big hitters" give me -16.
|
RickZeeland wrote: I wish those cowardly downvoters were man enough to leave a comment,
I wish cowardly posters who get a downvote would be man enough to realize the points mean nothing.
|
I find it strange that my last tip ".NET Core versioning demystified" has not gotten a single bookmark. Could it be that this is because of the site maintenance yesterday?
So if anyone would be so good to bookmark my tip, and test if everything is ok, I would be forever grateful
|
People will bookmark your tips/articles when it suits them.
|
Or when they are stimulated a bit
|
Well, I'm getting the impression that I seem to be the only one that thinks that versioning is an important part of the continuous integration cycle.
What do you guys do when you release a product, set all version numbers by hand?
|
That's indeed what I do a few times every week. The project I work on is 25 years old and was ported to .Net at the first opportunity. New fashioned things like unit testing or continuous integration can be problematic.
I have lived with several Zen masters - all of them were cats.