
Practice good online password security - naish
http://www.macworld.com/article/135655/2008/09/emailpwdsafe.html?lsrc=rss_main
======
dhimes
He's making it way too complicated. For your "secret question," you should
never actually answer the question. For instance:

 _First school:_ Neptune

 _First Car:_ Neptune

and so on. They only check that the answer agrees with what you said it was
when you set up the account. They don't actually check to see that it is
_true_. A lot of people don't get this. In effect, it is simply a second
password; a backup, if you will.
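
The check described in the comment above, as an added example that is not part of the original thread: a hypothetical site stores only a salted hash of the enrolled answer and compares later attempts against it, so a false or random answer verifies as well as a true one. The storage scheme, function names and the short word list are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample of answers an outsider might try for "First car".
COMMON_CARS = ["Honda Civic", "Toyota Corolla", "Ford Focus", "VW Golf"]

def normalize(answer: str) -> str:
    """Sites commonly fold case and whitespace before comparing (assumed here)."""
    return " ".join(answer.lower().split())

def _digest(salt: bytes, answer: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, 50_000)

def enroll(answer: str) -> tuple[bytes, bytes]:
    """Store (salt, hash) of whatever the user typed; nothing checks it is true."""
    salt = secrets.token_bytes(16)
    return salt, _digest(salt, answer)

def verify(record: tuple[bytes, bytes], candidate: str) -> bool:
    """Recovery check: does the candidate match what was enrolled?"""
    salt, stored = record
    return hmac.compare_digest(stored, _digest(salt, candidate))

def random_answer(nbytes: int = 16) -> str:
    """Treat the answer as a second password: random, and kept in a password store."""
    return secrets.token_urlsafe(nbytes)

def answer_is_guessable(record: tuple[bytes, bytes], wordlist: list[str]) -> bool:
    """Self-audit: would a short list of plausible true answers pass the check?"""
    return any(verify(record, word) for word in wordlist)

if __name__ == "__main__":
    made_up = enroll("Neptune")              # untrue answer, accepted at enrollment
    print(verify(made_up, " neptune "))      # matches after normalization
    truthful = enroll("Honda Civic")
    print(answer_is_guessable(truthful, COMMON_CARS))
    strong = random_answer()
    print(answer_is_guessable(enroll(strong), COMMON_CARS))
```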

------
DabAsteroid
The "problem" they discuss is the secret-question routine used for hinting
when users forget their passwords. However, for the secret-question problem to
be relevant, users must first break the first rule of password security, which
is:

Never commit a password to memory. Always write it down.

