4 Tips for Answering Those Secret Questions on Internet Accounts

Woodchuck photo by Dan Dzurisin (NDomer73), found on Flickr, licensed via Creative Commons.

How much wood would a woodchuck chuck if a woodchuck could chuck wood?

Thanks to Time, I know that's one of the secret questions you can choose when signing up for Virgin America's Elevate program. And it's a whole lot better choice than most of the other questions, such as What is the name of the city where you were born? or What is your favorite color?

If you care about your security, you'll never want to answer a secret question, which can be used to retrieve or reset your password, with anything someone else can either easily guess or easily find out. How many people put their city of birth on a publicly available Facebook page?

And there just aren't that many colors that people are likely to name. In his book Perfect Passwords, Mark Burnett notes that "there are around 100 common colors, even considering colors such as taupe, gainsboro and fuchsia." Bruce Schneier says he can probably guess someone's answer to that question in "no more than five attempts."

Back in 2008, someone hacked Sarah Palin's e-mail; all he had to do was find out her birthdate, ZIP code, and where she met her spouse. He claims it took 45 minutes on Wikipedia and Google to find the answers.

As Anish Kumar writes: "Giving the user an option to guess the name of a pet or hometown in lieu of actually knowing a password dramatically shortens the odds for the attacker. The service is essentially telling the attacker: 'We understand that it is difficult to guess passwords, so let us help you narrow them down from potentially millions of combinations to around a dozen, or even better, if you know how to use Google, just one.'"

So how do you answer those secret questions? Here are some suggestions.

1. Use an algorithm.

Lifehacker reports on Danah Boyd's strategy:

The basic structure is:
[Snarky Bad Attitude Phrase] + [Core Noun Phrase] + [Unique Word]

Although these are not my actual phrases, let's map them for example:

Snarky Bad Attitude Phrase = StupidQuestion
Unique Word = Booyah

Thus, when I'm asked the following question: What is your favorite sports team?

My answer would be: StupidQuestion SportsTeam Booyah

2. Use the true answer — with some modification.

Lauren Weinstein has a number of suggestions for answering secret questions, including this:

One particularly useful technique is simply to add unrelated text onto the correct answers (ideally different at every site, but even using the same add-on string everywhere would be better than nothing within the context of secret questions). So for example, your first dog might be Manfred23Skidoo. Your favorite color could be blueRasputin. And so on.

3. Use a totally random reply. Consider writing it down in some non-obvious place.

Computer security expert Bruce Schneier wrote:

My usual technique is to type a completely random answer — I madly slap at my keyboard for a few seconds -- and then forget about it. This ensures that some attacker can't bypass my password and try to guess the answer to my secret question, but is pretty unpleasant if I forget my password.

And Ferdinand J. Reinke commented on another post by Bruce Schneier:

My Mom's maiden name is 7DGG46QPK, FGAD4P3N, DKNNT4VKP C9HJLPQVK, or KEZNBF6N9 depending which of the sites I used it at. If a "secret question" is a password, then I say treat it as such with your favorite 12 random alphanumerics. Just don't tell anyone about your secret list. Memorization of passwords leads to forgetting. As long as I don't lose my little black book, I'm fine.

4. If you're allowed to select your own question, go that route. Choose one where only you will know the answer — and one that can't be easily guessed because the possible answers are limited. That can be a lot harder than you might imagine. I finally came up with one: What's the book Sarah gave me in high school? I bet even Sarah doesn't remember that — it's been over 35 years, and we've long been out of touch — and no one else would have a clue.

Related Post:
Organizing the Passwords

No commentsRead more

Cleaning Up the Computer Bookmarks

I have thousands and thousands of bookmarks - I don't know exactly how many, but they take up 9 MB on my computer. (If you're using Internet Explorer, my bookmarks are the equivalent of your favorites.) I come across many web sites that seem useful for either for work - including this blog - or for my own personal reasons.

But I've just spent a few hours decluttering and organizing them - and wow, does that feel good. I'm only about half done, but its already much easier to find what I'm looking for.

The types of activities I needed to do for this project are very similar to those needed in other organizing projects: deciding what to keep, grouping like with like and deciding where to keep those groupings, and labeling.

1. Delete (the declutter part)

In some cases, I got rid of large collections of bookmarks. Example: Since I've been a self-employed organizer for over five and a half years now, I figured I'm really not going back into the corporate world, working in an Information Technology department. So I really had no need for all those bookmarks having to do with software engineering. I'd gotten rid of the books on such topics years ago, but had somehow neglected to clear out the computer files.

I also got rid of bookmarks if I could readily find the same information again in a single Google search. Why do I need to bookmark Car Talk, for example - no matter how much I enjoy that radio show?

And then there was the outdated information. I had bookmarked information about specific cars I was considering from a few years ago, when I was buying my Prius (after my prior car - my wonderful Toyota MR2 - finally needed to be replaced, at 280,000 miles). But I won't need car reviews again for many years - and certainly not the ones I had!


2. Delete or re-label

Sometimes I would glance a bookmark and really not know whether I wanted to keep it or not - it wasn't clear what the article I had marked was about. So I'd click the link, and sometimes find out the article (or the web site itself) no longer existed - or I'd find the article was no longer interesting to me - and I'd hit Delete. Other times, I just needed to rename the bookmark, to make it meaningful to me.


3. Organize

This sometimes meant subdividing a bookmarks folder. I did this with my ADHD bookmarks - I had a long list, and it was hard to even remember what I had! Now it's easy to see what I've got.

And sometimes it meant combining files. I'd sometimes find - just as we often do with a large collection of paper files - that I had two folders with similar information. Now everything is in one place.

No commentsRead more

Email Replies: Is Shorter Always Better?

Are short email replies a good time-saving approach? A number of people seem to think so. Jonathan Fields writes:

I felt somehow compelled to match the length of the original email with my reply. So, if someone sent a 5 paragraph, 250 word email, even if I could answer it with 5 words, I wouldn’t. I’d build more content into my reply as a way of, I don’t know, honoring the effort that went into the original email.

Then, I woke up.

And I'm glad he did, since there's certainly no reason to write a long reply just because someone else wrote a long message.

Still, I think this policy, from two.sentenc.es, is overly simplistic:

two.sentenc.es is a personal policy that all email responses regardless of recipient or subject will be two sentences or less. It’s that simple.

There's also a three.sentenc.es, a four.sentenc.es, and a five.sentence.es - but they all seem flawed to me. They're artificial constraints that will sometimes work well - but almost surely sometimes they will not.

Yes, short replies can often be very effective. Steve Jobs is known for his brief replies - sometimes as short as "Yep" - and his emails are parodied at the Steve Jobs Email Reply Generator. But the messages we've seen are all cases where a short reply does indeed suffice to answer the question being asked.

My suggestion? How about replacing blanket rules with this commonsense guideline: Provide a clear, concise response.

If you're providing something other than a simple yes or no answer, take a bit of time to craft your reply to ensure it communicates precisely what you want to say, with no ambiguity. (But don't go too far and veer into unnecessary perfectionism!) A well-crafted reply will save time for both you and the recipient, in the long run.

Example: Many of my replies are to people who have asked for something I'm offering on Freecycle. If the person isn't getting the item, I do indeed write a short reply: I'm sorry, it's already been claimed.

But my message to the lucky recipient goes along these lines:
- You've got it!
- Here's my address.
- My address shows up incorrectly on some map programs; here's where it really is.
- When can you pick it up?
- I may leave it on my front porch; if it's not there, knock or ring the doorbell.

I can't say that in two sentences! (Well, I guess I could, if they were huge run-on sentences - but that's obviously not the right answer.)

Seth Godin's e-mail checklist includes the question: Could this email be shorter? It's a good question - as long as we realize that we don't want to sacrifice clarity as we aim for brevity.

What is the real reason the sample response above is only two sentences? Because two sentences does the job!

Related Posts:
The Hamster Revolution: How to Manage Your Email Before It Manages You
Filing the E-Mail - Or Not

No commentsRead more

Filing the E-mail - Or Not

What do you do with all those e-mail messages you want to save? Since I wrote about applying some of the suggestions from The Hamster Revolution to my own e-mail, people have asked me for more detail.

What The Hamster Revolution Recommends

The Hamster Revolution suggests these four e-mail boxes:
1. Clients
2. Output
3. Teams
4. Admin

The numbers are actually part of the file name, and they ensure that "clients" come before "admin." Since the book is focused on a work environment, but acknowledges that you'll also get personal e-mail, the author says you might want to add another folder for personal messages.

What I'm Doing

My own version of that list is
Admin
Associates
Clients
Freecycle
Outputs
Personal

Admin includes electronic receipts for work-related purchases, messages from my business insurance company, etc. I don't have a lot of admin.

Associates includes sub-folders for BNI (Business Network International) NAPO (National Association of Professional Organizers), NSGCD (National Study Group on Chronic Disorganization), etc.

Clients is self-explanatory, isn't it?

Freecycle is a folder I added, because I'm both a Freecycle moderator and an active Freecycler, so I access this folder a lot and I wanted it at the top level.

Outputs include files related to the magazine I edit, my blog, my newsletter, etc.

And Personal is also self-explanatory.

While these six folders take care of most of the messages I'm saving for reference - my archive files. I used to have many more top-level folders, and I much prefer this more streamlined approach. But I did add on two other sets of folders.

1. The four folders at the top, with the --> in front of the name, are just extremely active folders that I want easy access to. The first one is the issue of the magazine that I'm currently working on.

2. The folders with the @ in front of them will look familiar to those who use David Allen's Getting Things Done. These are folders related to things on my calendar or one of my to-do (and related) lists.

So Calendar has detailed information about things on my calendar. Next Actions (or na) are the messages related to things on my to-do lists. Project Support is information about larger efforts, not simple to-do items. Someday Maybe relates to things I might want to do. Waiting For are messages where I'm awaiting a reply. Waiting for - Freecycle are messages about pending pickups of Freecycled items.

This is what works for me - a blend of two systems, with some of my own tweaks. But there are a number of other approaches that work for others.

Another Approach: No Filing!

A number of people argue that filing e-mail is just a waste of time, since search tools can allow you to find any message you want. Merlin Mann said, "Organizing your email is like alphabetizing your recycling!" Gina Trapani suggests that all you really need is three folders: Follow Up, Archive, and Hold (a temporary holding place for important messages you'll be referring to in the next few days).

I understand the arguments for this approach - and it does have a lot of appeal. I'm continually simplifying my filing system - but I'm not ready take the plunge to this system yet.

If you have an e-mail filing (on non-filing) system that works for you, I'd love to hear about it!

No commentsRead more