

Fun with your bank's secret questions & answers - aresant
http://tongodeon.livejournal.com/890323.html

======
pmichaud
This is really hilarious, and I think it qualifies as system hacking.

~~~
javanix
It's also somewhat cruel to whoever has to read your "clever" message.

~~~
branden
Cruel? It might make a call center employee smile. It's borderline
humanitarian.

------
kschua
What happens if

Security Question: Can you repeat the question?

Answer: Can you repeat the question?

------
evo_9
Yeah this is quite clever and funny. Plus Zardoz?!? Wow, nice crazy old movie
reference, that's awesome.

------
chaosmachine
This is great. Reminds me of that guy who kept signing his credit card
statements with increasingly random signatures.

<http://news.ycombinator.com/item?id=1311710>

------
stretchwithme
All my emails from etrade start with:

    Hey, you big stud!

------
jbeda
A simple "speech injection attack." The bank obviously needs to sanitize the
input before serving it up.

------
viraptor
Ah... I'd really like someone on the other end to say: "You can change your
balance yourself, just use my login - the staff password is sexy_stud."

------
pella
<http://www.schneier.com/blog/archives/2010/04/fun_with_secret.html>

~~~
DTrejo
I like this one:

Q: If I said you had a beautiful body, would you hold it against me?

A: Sorry, you're not my type.

------
dryicerx
This is excellent! I wish more systems would let you configure the secret
question instead of giving a set of predefined questions... (e.g. mother's
maiden name, first school, first friend, first town, etc.), and most of those
questions can be found out about a person with some small talk. For places
like that my solution has been to give scrambled answers (e.g. city of birth,
the answer 'colombo' becomes 'obmoloc'. Also, this isn't my scrambling method
or answer, just an example).

~~~
sabat
Another simple but effective hack: have a standard untrue answer for your
mother's maiden name, first school, etc. Only you will know them. Your
mother's maiden name is McLuvin.

~~~
IgorPartola
I usually provide an untrue date of birth to places where it doesn't matter.
The only places that really need to know are the places that also need your
SSN. Everybody else just likes having sensitive info lying around.

------
steveklabnik
I answer every single security question with a nonsensical answer.

CSRs get really confused.

------
aberman
I'm changing my bank to this one immediately.

