Alas, United Airlines has now taken it on themselves to defeat all you people answering Mona Lisa or Fuck You to every question. They’ve restricted users to a multiple choice list!
Not only do they ask about offbeat topics (what adult has a favorite sea creature?) but they then provide 10 answers that you must choose from. So if your actual favorite painter or first major city visited isn’t on the list, good luck.
Apparently they don’t always show you the full list, so you can’t just decide on the next-to-last item in the list. I finally chose a particular letter of the alphabet and then, for all questions, selected the answer nearest (but prior to) that letter.
Whoever thought that scheme was an advance in civilization should be reassigned to chemical toilet duty.
I guess with drop downs my workaround would be an arbitrary rule like whichever option has the most vowels or first alphabetically starting with the last letter in the option.
Ooh. You could merge the strategies. All word security answers could be “3rd vowel alphabetically [related to question noun]” and drop down answers would always be the one whose third vowel was alphabetically first.
Are you proposing this as circumvention of a security step, or a solution to a security problem? Because it isn’t the latter.
Any scheme that you cook up for making passwords easier to remember makes them easier to break - especially if it’s a predictable pattern that you use across a wide range of services.
Do what I do: use the same word for everything - mom’s middle name - Grace, first pet - Grace, favorite food - Grace [or whatever].
If my bestie hadn’t died, I would still be able to crack anything of his - he worked his way through the Imperial Japanese Navy of WW2, and then added a number to correspond with the month and an ^ if it needed a special symbol.
One of my sooper sekret skwirrl passwords is actually my log in from when I worked at ADT in the mid 90s =) Totally nothing I would have come up with, not linked to anybody’s birthday, anniversary, death day …
I have a password of the form X#x#x#x#x# (X,x stand for upper, lower case letter, # for a number). Ever try to enter that on a soft keyboard, where you have to shift between every pair of characters? But they insist on at least one upper case and one lower case letter and at least one number. I could change it of course, but I have a way of recalling this sequence. Yes, a 4 word phrase, all in lower case, would be much more secure.
Giving actual answers to security questions is more of a flaw than random easy to remember words, most especially in our era of oversharing and phishing.
> Alas, United Airlines has now taken it on themselves to defeat all you people answering Mona Lisa or Fuck You to every question. They’ve restricted users to a multiple choice list!
Is United Airlines having a big problem with people trying to make reservations in other people’s name?
You forgot to add a sequential number in there somewhere to handle those stupid password lifetime rules.
(raise hand) All hail the Mighty Kraken!
But of course that’s probably not one of their stupid answer choices.
One of the systems used by a previous employer actually forced us to fill out TEN effing different security questions. All were mandatory and no duplicates were allowed. That sucked so, so hard.
I had one reminder question to be favorite color. When I typed in “red” I received an error that the answer was too short!
At work we’re required to change our pw every x number of days; but then you get nag popups for 15 more days. I always wait until two or three days before I get locked out. Even then, my password has been the same for several years, with a number incremented by 1 each time. I’m now up to xxxxxxxx38 :rolleyes:
I use a federal government system that prohibits any dictionary words anywhere in your password. They are just begging for people to either write down their passwords or forget them.
I particularly love getting “Mother’s maiden name?” in Spanish or Portuguese. It’s in our ID, it’s in our company email*, it’s in all our official paperwork…
Depending on the company it may not be. But sometimes keeping it off can require knowing a good lawyer.
No, it’s possible to enforce it. At time of password creation, they save the hashes of every 3 consecutive character string in the password. Then, when you create a new password, they do the same thing and compare the hashes to the saved ones. If any match, then you are not allowed to use the new password.
Your idea is basically equivalent to storing the passwords in cleartext. Those 3-letter segments can be trivially brute-forced, and assembling them back together into the original password is also trivial.
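Why the objection above holds, shown as an added example that is not part of the original thread: the 3-character-window scheme from the earlier post is modelled here, then audited by exhausting the tiny input space and chaining the recovered windows on their overlaps. Assumptions: unsalted SHA-256, an alphanumeric character set, hypothetical function names, and a constructed sample password.

```python
import hashlib
import string
from itertools import product

ALPHABET = string.ascii_letters + string.digits  # assumed character set (62 symbols)

def h(s):
    return hashlib.sha256(s.encode()).hexdigest()  # assumed: unsalted hash

def trigram_hashes(password):
    """What the described scheme stores: one hash per 3-character window."""
    return {h(password[i:i + 3]) for i in range(len(password) - 2)}

def reuses_fragment(stored, new_password):
    """The reuse check from the post: reject if any window hash matches."""
    return not stored.isdisjoint(trigram_hashes(new_password))

def recover_trigrams(stored):
    """Only 62**3 = 238,328 inputs exist, so every stored hash can be inverted."""
    found = set()
    for combo in product(ALPHABET, repeat=3):
        t = "".join(combo)
        if h(t) in stored:
            found.add(t)
    return found

def reassemble(trigrams):
    """Chain windows on their 2-character overlaps, using each exactly once."""
    results = set()

    def extend(text, remaining):
        if not remaining:
            results.add(text)
            return
        for t in remaining:
            if t[:2] == text[-2:]:
                extend(text + t[2], remaining - {t})

    for start in trigrams:
        extend(start, trigrams - {start})
    return results

def audit(password):
    """Return every password consistent with the stored window hashes."""
    return reassemble(recover_trigrams(trigram_hashes(password)))

if __name__ == "__main__":
    print(audit("Kraken38x"))  # constructed sample password
```

A per-window salt does not change the result, since the salt must be stored next to the hash and the input space stays at 62**3 per window.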
I use the only guaranteed system: Choosing passwords that are deep in Geek. That way when the crackers get hold of them, they realize I am one of them, and don’t steal the $259 in my checking account.
I have a weird memory for numbers. I can’t remember how much of the fabric the customer asked me for 1 minute ago, but I remember the license plates of many of the cars I have driven. Those letter/number combinations form the basis for my passwords. I add the same special characters to them, and remember them using the same mnemonics I used to remember them when they were on my car. I just have to write down the mnemonics for each page:
Yahoo: Party bus #2
shopping site: 51 cucumbers
etc.