Yesterday, we discussed password problems. Today, we look at those subversively risky personal questions used to zero in on you and perhaps your wallet.
A fair lot of crap programming comes out of Bangalore, so it’s befitting software designers call this particular law of unintended consequences ‘the cobra effect’.
Character Reference: The Cobra Effect

During British Crown Rule of India, legend says administrators grew concerned about the numbers of vipers infesting Delhi. The colonial governor offered a bounty for every dead cobra brought in. However, the plan’s short-term success was undermined by enterprising locals breeding cobras to collect bounties. The British governor terminated the program. Disappointed cobra farmers subsequently released their breeding serpents into the wild, far worsening the problem… or so the parable goes.
Last week, I needed to register on-line with a county agency. (No, my readers, NOT the Department of Corrections as the snarky amongst you might suspect.)
The first hint of difficulty lay in the most restricted character set to date, merely letters and numbers, no punctuation whatsoever. This thoughtfully provides bad guys huge hints: “Psst. Save time, fellas. Don’t bother testing the lock with those difficult oddball characters.”
The next clue… You know those personal identifying questions in case you forget your password? Questions like naming your favorite cheese or your first juvenile parole officer? These questions mask some of the greatest risks in computerdom. Anyone who knows the least bit about you can guess the answers.
Worse, I’ve encountered sites that provide convenient drop-down menu answers, a selection of eight or so choices. One of the most popular questions with a handy menu is, “What’s your favorite color?”
Presumably this helps the spelling-challenged, but what a gift to bad guys. Immediately black-hat hackers rule out black and white, rarely anyone’s favorites. That leaves six or eight choices, hardly a burden for the least capable password cracker. They need not guess if they notice the blue shirts and blue cell phone cover ordered on Amazon and now appearing in your latest Facebook pose.
Moral: Never answer a question with a menu choice.
Image: Orange County Registration Questions
At left, notice the personally identifiable questions from the aforementioned county agency. Anyone with the slightest knowledge about you can guess the answers. Anyone who doesn’t know you can easily google your name, learning where you attended high school, your favorite team, your pets, and your mother’s maiden name.
What can you do about it?
Don’t play the game.
First, of course, avoid Q&A with drop-down menus. That’s a given.
If the web page doesn’t feature drop-down menus, you can answer your favorite color of yellow, orange, or red with “sweet cream banana pie yellow”, “fancy freckle-farm fulvous fantasy,” or “notorious red dye number 2”.
If you know French, Spanish, or Romanian, you might utilize that knowledge, perhaps in combination with the verbose suggestion above. Answer your favorite color as ‘rouge’, ‘rojo’, or ‘roșu’. If you don’t know a foreign language, try Pig Latin, e.g., ‘edray’ or ‘ellowyay’.
But I never could abide by the rules. There’s an easier way than such hard-to-remember replies.
You can boost security if you make your answers, every answer, a non sequitur, a nonsense phrase. Remembering will be easier if you use the same response, such as “None of your damn business.” For example:
Favorite author?
None of your damn business.
Favorite color?
None of your damn business.
Favorite team?
None of your damn business.

Web sites like Apple’s recognize and object when an answer is repeated while populating a questionnaire. One solution is to exactly echo the question with leading or trailing words. For example, “Favorite author?” can be answered with, “My favorite author is none of your damn business,” or more simply, “Stuff my favorite author,” and “Stuff my favorite team,” etc.
Most importantly, choose a method that fits your style, then keep that information to yourself. Not playing by their dictates helps keep your data safer.
Don’t play the game.
Make up your own rules.
Password Security Question
Q. What’s your favorite security question?
A. ______________________________