“To secure your account, we recommend that you disable your security questions.”
Yahoo! is in the news today because of a data breach in which 500 million accounts were stolen. Of course, I immediately headed over to change the passwords on my Yahoo! accounts, and there I was presented with a very interesting message:
“To secure your account, we recommend that you disable your security questions.”
Yep, you read this correctly.
Now before you start rambling and calling them silly, that’s actually a smart move.
At least if you assume that people write honest answers to their security questions.
Just imagine ‘What’s your dog’s name?’ as the security question and e.g. an honest Mark Zuckerberg answering ‘Beast’. The problem here is that the answer is public knowledge and therefore anybody could gain access to his account.
The smart thing to do would be to use an answer that is unpredictable, e.g. ‘Flying tomatoes’ (instead of ‘Beast’), and save it in a password manager like 1Password. That way nobody would be able to guess your answer and you could still remember it thanks to the password manager.
But most likely the majority of users are simply honest (and lazy) and therefore removing security questions to make the account more secure is actually a smart thing to do.
Arthur Tressler, portrayed by Michael Caine in the movie “Now You See Me”, knows what I’m talking about…