On Password Recovery Questions

Email (and bank) accounts are probably the most important accounts one has. If one’s email is hacked, then every other account (e.g. Facebook, Twitter, WordPress, etc.) associated with that email address is compromised as well, since all the attacker has to do next is go to any of those sites, request a password-reset link via email, and he or she will have access to those accounts too.

Password recovery questions give users a convenient way to get back into their account if they forget their password. All people have to do is answer the question correctly and they will be prompted to enter a new password. However, many of the security questions used to recover passwords are terrible and provide anyone with a back-door way into an account. After all, why would a hacker bother guessing the password when it’s easier to guess the answer to the security question? Let’s look at some…

What high-school did you attend?
Anyone browsing through my blog will realize that I’m from Vancouver. A two-minute Google search will tell you that there are only twenty high schools in Vancouver.

What is your favourite pet’s name?
Here is a list of the most popular names for dogs and cats if you need help guessing…

What is the first musical instrument you ever played?
This is one of five options offered as a password recovery question for my UBC student account. For one, I’m Asian, so take a wild guess as to what instrument I first played at a young age…

Where did you meet your spouse?
I don’t like this question for a different reason. Imagine yourself several years from now looking back at this question. Will you remember the exact answer you put? You could have put Starbucks, cafe, Vancouver, British Columbia, Canada, etc.

What is your mother’s maiden/middle name?
This also applies to the names of grandparents, fathers, siblings, etc. Children are usually given family-related middle names (at least in my experience when I discuss this with friends). That’s not hard to find on Facebook.

What is your favourite sports team?
If you’re from Chicago, the answer is probably the Chicago Blackhawks, Chicago Bulls or Chicago White Sox. If not, then it might be the New York Yankees, LA Lakers, Manchester United, etc.

Interestingly enough, the only sites I’ve seen use password recovery questions are email and bank accounts. As such, I recommend removing that feature unless it is mandatory. Also, here’s a website for you to check how secure your passwords are.

  1. April 5, 2013 at 6:33 pm

     I think I missed this xkcd comic. Thanks for sharing 🙂

     • April 6, 2013 at 11:21 pm

       No problem. I came across the comic when I was searching up password security on Google.