No Surveillance State Month, Part 21: Password Questions Are the Devil

You know those, “If you forget your password, answer these questions to get into your account” things? That always ask you in what city you were born, what your mother’s maiden name was, etc.? Well, think about it for a second: assuming you answer those questions honestly, what are the odds that other people also know or can look up that information? There you were coming up with some kind of uber-complex string of characters for your password, which can be bypassed by searching for your mom’s marriage announcement.

This is how a lot of celebrity account hacks happened. Nude pictures of Scarlett Johannsen are on the ‘net thanks to password questions.

The solution is to make the answer to your password question a password in itself. Simply pick a new password, and use that for your password question. If that makes things too hard to remember, even something as simple as adding an arbitrary word before/after the real answer will make things significantly more secure. “New York” and “Smith” become “New York Blue” and “Smith Blue,” or “Alligator New York” and “Alligator Smith.” Easy to remember, unlikely to guess.

This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you” for which these posts will not help. Rather, this series will help you to opt-out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.