I have a significantly long and secure password but I was forced to create three security questions. These questions mostly related to things that are easily discovered and add a risk to my account that I do not want. How can I remove these and only rely on my strong password? It defeats the advantages of a strong password if anyone who knows me well enough can guess 2 of 3 of these questions.
The world has changed dramatically since 2002. Now you need as always, a strong password in addition to other measures. Passwords back in 2002 didn't need to be a certain length, have a number or an upper case letter and so on. You were an overachiever if you had a complex password that exceeded requirements. Good for you.
That you have not had to comply until now is remarkable. But just like nickel loaves of bread and 25 cent a gallon gas, that time is over.
Your search for weaker security will fail. You can debate that a complex password is not weak security and you will be wrong in the eyes of companies who face attacks each and every day.They set the standard and we have the choice to comply or not.
If someone gave you a way to weaken the security of your account, why would you take it?
Choosing a max length password of random characters and symbols is weakened by allowing anyone to bypass it by knowing where I was born and my mother's maiden name which can be found rather easily with a search engine. Of course I will not answer these security questions with correct answers but many will and some have had their account passwords bypassed. It's a false security. Two factor is a great option but most Banks, Google, etc, those who face the most security threats, offer strong passwords, optional two factor authentication, and often force a mobile phone or secondary email address where they can send a confirmation code. They have mostly done away with Security Questions online that do not involve a PIN as they are a weakness.
I did not intend this as a debate over security questions, only a casual query if anyone knew of a work-around remove an inconvenience that has failed spectacularly for a number of those who actually answered them honestly but is mostly an inconvenience for those of us who manage their passwords properly.
...not to mention the other implementation issues they have had with them. http://www.theatlantic.com/technology/archive/2012/08/security-questions-the-big gest-joke-in-online-identity-verificatio…
Forced Security Questions
