by Guest9812398 2840 days ago
I had a Gmail account for a secondary email address that I used at times. One day I logged in with my email and password, and Google said I needed to further verify my identity. Well, my security question was a bogus one because I was confident with my password manager and backups it would not be needed. But, I guess I was wrong, because I didn't anticipate that knowing the password wouldn't be enough for Google. I never got access to the account again.
3 comments

Stupid "security" questions. I've started answering them like "what's your favourite colour?" - "colour", or "what was your first pet's name?" - "pet".

There are a few things that make me wonder if I can trust a company. Security questions, stupid password restrictions, sending me a password in plain text via email.

I was recently forced to do this by my home ISP. I used my password manager to generate 32-character passwords, and then stored that info in the manager. However, when I attempted to save this info, the website responded with something along the lines of, 'we're sorry, please come back and try this again at another time.' This was preventing me from paying my bill online, as it would not let me access my account with this info. I did this for 3 days straight. On the 4th day, I changed my answers to very simple responses similar to yours and the entire thing worked. It's not that it was fixed, because I tried the complex values first on day 4. Their system couldn't support such a value, and failed at letting me know that.
So, effectively, three security questions, like this:

  Favorite color? red

  Favorite band? yes

  First vehicle? car
In reality, they actually reduce complexity, defeating a 12 character password requirement with numbers, uppercase, lowercase and punctuation characters, because the total space of complexity can be possibly less than 9 case-insensitive letters.
I used to give my real birthday. Then I kept reading about how knowing that plus your address (usually easy to find on the internet - whitepages.com, etc.) got someone a long ways toward imitating you.

So I started making up birthdays but would have problems because I didn't remember them. So now I just use the epoch, which I think somebody here suggested.

I put January 1, 1970 as my birthday, and sometimes I can tell sites convert it to a timestamp and then reject my entry because it evaluates to zero, which is falsy.
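The epoch rejection described above, reconstructed as an added example (not code from anyone in this thread): a birth-date check that tests the parsed timestamp for truthiness rejects 1970-01-01 because its POSIX timestamp is 0.0, while a check against `None` accepts it. The field format and function names are assumptions for illustration.

```python
from datetime import datetime, timezone
from typing import Optional


def parse_birthdate(field: str) -> Optional[float]:
    """Parse a YYYY-MM-DD form field into a POSIX timestamp (UTC).

    Returns None when the field is not a valid date. The format is an
    assumption; real forms vary.
    """
    try:
        d = datetime.strptime(field, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    return d.timestamp()


def accept_birthdate_buggy(field: str) -> bool:
    """The failure mode from the thread: 'not ts' treats 0.0 like a parse error."""
    ts = parse_birthdate(field)
    if not ts:  # 1970-01-01 -> 0.0 -> falsy -> wrongly rejected
        return False
    return True


def accept_birthdate_fixed(field: str) -> bool:
    """Distinguish 'no value' from 'value happens to be zero'."""
    ts = parse_birthdate(field)
    if ts is None:  # only a genuine parse failure is rejected
        return False
    return True


if __name__ == "__main__":
    for sample in ("1970-01-01", "1985-06-15", "not-a-date"):  # constructed inputs
        print(sample, accept_birthdate_buggy(sample), accept_birthdate_fixed(sample))
```

The same class of bug appears wherever a sentinel like 0, "" or an empty list is used to mean "missing"; compare against `None` (or a dedicated error value) instead.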
The issue then is that some services will require a copy of your ID to recover/unlock your account, and if the birth dates don't match they won't do it.
I always use plausible typos.
I use my sister's birthday. Other than the year, it's close to mine, and I don't forget it.
I use the registration date of my car (which is 4 years older than me) since at least I can look it up.
I tell the students that you really need to lie and put in some words that you remember that go with the question. Think of it as a challenge/ response, not an answer.
Next time, add your security questions to your password manager.
Security Q/A are de facto passwords. Treat accordingly.

Further, they're often a sign that a human employee providing support can override and manually authenticate a user. Whether or not that is really the correct user. Treat your entire account with them accordingly.

Yes. I answer something like "favorite color" with "blue green red" or "blue was the color of my first bike" if I can. I end up with something like this:

  pet: answer

  school: answer

  friend: answer

Precisely the same thing happened to me. I removed Google from my life entirely, and I'm really happy about it.