I Want to Make It Harder to Steal My Money, Thanks
June 8, 2010 4:37 AM

What can I do about the dubious security questions of Everbank's online banking service?

I recently opened an account with Everbank and have started setting up my online banking. Part of this process is the security questions that you have to answer in case you lose your password or so the Everbank people can identify you on the phone. There is a series of 4 drop-down menus with about 6-7 options of questions to answer on each one.

However, there are practically none that I can answer that are not in the public domain somewhere. Sample questions:

In what state or province was your father born?
What year were you married?
What is the middle name of your oldest brother?
What year did you graduate from college?
What is your mother's first name?
What is your mother's maiden name?
What is your father's Zodiac sign?
In what month is your mother's birthday?
What is the middle name of your first child?

There is literally only about 1 of the 4 questions that I could answer with information that is not public - but it's easily guessed ("What's the name of your first pet?").

I purposefully clicked "forgot my password" and the only thing required was to answer 2 of the 4 security questions.

I am concerned about these lax protocols but have some questions - how likely is it that a nefarious character will try to access my bank account this way? Am I being too paranoid about it? How should I try to remedy this with Everbank?

I really, really need to be able to use online banking - I won't be receiving mail for some time and must keep an eye on accounts. Thanks!
posted by amicamentis to Computers & Internet (14 answers total)

Who says you have to answer those questions truthfully?

Make up stuff and keep the answers you choose secure and memorable.
posted by skyl1n3 at 4:47 AM on June 8, 2010


Have you thought about making up answers? Each answer in itself can be a mini-password. You may know that your father is really a Scorpio, but that doesn't mean you have to put that as the answer.
posted by The 10th Regiment of Foot at 4:48 AM on June 8, 2010


As a simple solution, you could always answer the question with incorrect answers. For example, you could add or subtract one to all of the month/year questions, or pick other "false" answers that would still make sense to you. It might take you a bit longer to remember the correct answers if you forget your password, but it makes it a lot less likely for someone to hack your account.
posted by ukdanae at 4:48 AM on June 8, 2010


You could answer the questions with random strings of text and store those strings somewhere.

Q: What is your mother's maiden name?
A: 2LnYqUTA
posted by rancidchickn at 4:49 AM on June 8, 2010


Just don't answer them truthfully. When you have to use the security questions in the future, the bank will simply check against what you entered originally, not against any kind of external information. As long as you remember that your father's zodiac sign is "cheeseball with crostini rising" then you're set.
posted by girl scientist at 4:49 AM on June 8, 2010


You can answer with anything. So:

"What year were you married" = bingbong
"What is your mother's first name" = bingbong

You see where I'm going with this. Use any obscure answer for all the questions and don't forget the answer you came up with. No one will be able to "guess" from public info.
posted by qwip at 4:50 AM on June 8, 2010


Google allows you to put in any questions you like. I had as my secret question "What happened to the elephant?" and I cannot tell you for the life of me what the answer to that question is.

So sometimes having answerable questions can be good. I am not sure about the benefit of having another password for your password challenge questions, because I would be just as likely to forget those extra passwords as well. If you're sure you're never going to forget your online banking password, then definitely go for the made-up-answers route.
posted by that girl at 4:53 AM on June 8, 2010


Yeah, that's the problem - I have a hard enough time remembering real stuff, let alone fake online banking answers. I really didn't even think about making it up! Good idea!

I am unlikely to forget my password so I suppose I shouldn't really worry about it, but I'll be stuck if a telephone representative asks me for the answers and I get them wrong ("What's your mother's first name?" "Uh, Helen" "...")
posted by amicamentis at 5:02 AM on June 8, 2010


Well how about you substitute stuff you do know, like for instance, switch mother with father... What is your mother's first name? George. What is your father's middle name? Anne. etc...
posted by The 10th Regiment of Foot at 5:27 AM on June 8, 2010


If you're concerned about not being able to remember a completely made up answer, then perhaps look at a password based on the real answer? For example, if your mother's maiden name was Jones and she got married in 1970, then your answer to "Mother's Maiden Name" might be 70senoJ70 or Jon70es. And for ease of memory, whatever convention you use, transfer it to the other questions... so your pet's name becomes 82ijneB82 or Ben82ji, assuming you got your beloved Benji in 1982 (or he died peacefully in his sleep in 1982, or whatever).

On preview, merely another alternative to T10RoF's method.
posted by somanyamys at 5:54 AM on June 8, 2010


There is almost always another layer of security involved, besides the security questions. For instance, when you call on the phone, they often verify your SSN (or parts of it). And when you reset your password online, they generally email it to you, which means an attacker would also need to compromise your email account.

I purposefully clicked "forgot my password" and the only thing required was to answer 2 of the 4 security questions.

They also need to know your username.
posted by smackfu at 6:39 AM on June 8, 2010


The most ridiculous thing is that a lot of times the answers are case sensitive if you try to recover your password online. So not only do you have to remember the answer to some question, you have to spell it and capitalize it exactly the same way.

Anyway, you're supposed to write down your password now. The old 'don't write it down' thing really only applies to offices and work environments where someone might physically be looking for it. Online identity thieves are not going to break into your house.

So, write down your password on a slip of paper, write down your answers to security questions. Hide that paper in a filing cabinet somewhere. And obviously don't use the real answers.
posted by delmoi at 7:06 AM on June 8, 2010


Don't exchange father's and mother's info, rearrange digits in a birthday, etc. That is the first thing I would try if public domain info didn't give me results, and I can't be any smarter than your hypothetical thief.
posted by skyl1n3 at 11:32 AM on June 8, 2010
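
Added example, not part of any post in this thread: a self-check that flags chosen security answers which are still derivable from public facts through the simple tricks suggested above (truthful, swapped between relatives, reversed, year shifted by one), alongside a generator for random answers. The function names and the sample facts (taken from names used as illustrations in the thread) are assumptions made for this sketch.

```python
import secrets

# Constructed sample data: one person's publicly discoverable facts.
REAL_FACTS = {
    "mother_first_name": "Helen",
    "father_first_name": "George",
    "mother_maiden_name": "Jones",
    "year_married": "1970",
}


def derived_candidates(facts):
    """Every string reachable from the real facts by the thread's simple tricks."""
    out = set()
    for value in facts.values():
        v = value.strip().lower()
        out.add(v)            # truthful answer
        out.add(v[::-1])      # letters reversed
        if v.isdigit():       # year or month shifted by one
            out.add(str(int(v) + 1))
            out.add(str(int(v) - 1))
    # Swapping mother/father is covered because all facts share one pool.
    return out


def audit(answers, facts):
    """Return the questions whose chosen answer is derivable from public facts."""
    weak = derived_candidates(facts)
    return sorted(q for q, a in answers.items() if a.strip().lower() in weak)


def random_answer(n_chars=12):
    """Random single-case answer: sidesteps case-sensitive matching and
    is easy to read out to a phone representative."""
    alphabet = "abcdefghjkmnpqrstuvwxyz23456789"  # look-alike characters removed
    return "".join(secrets.choice(alphabet) for _ in range(n_chars))


if __name__ == "__main__":
    chosen = {
        "mother_first_name": "George",    # swapped with father
        "mother_maiden_name": "senoJ",    # reversed
        "year_married": "1971",           # real year plus one
        "father_first_name": random_answer(),
    }
    print("derivable from public facts:", audit(chosen, REAL_FACTS))
```

Random answers only help if they are stored somewhere safe, as the posts about writing them down point out.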


Just answer the secret questions truthfully, but input the letters in reverse. (This also works for obscure usernames.)

And if you don't like the security of an online bank, there are other ones to try. Who wants an ING referral?
posted by sdrawkcab at 1:31 PM on June 8, 2010

