I read this post tonight and it reminded me of the best security rule about secret Q&A services for self-service password reset and other critical tasks on the web…
“Do not tell the truth”
Today, with all 2.0 services (Facebook, LinkedIn, Copains d’Avant,…), pieces of your personal information are no longer yours. So when asked:
- What is the birth name of your grandmother?
- What is the species of your pet?
- What was the brand of your first car?
- Etc.
Don’t even think of answering “Martin”, “Chien” or even “Peugeot”… Lie about it: use your environment as context for the answer and a mnemonic process as the key to remembering it.
Like every security motto, it seems natural, but like every security motto, it needs to be recalled.