Hey there folks,

We just updated our billing system over the weekend to the new WHMCS 4.0.x branch and along with the new version came security questions that we can ask customers. In the past we asked any number of things such as "mothers maiden name" and "last 4 digits of SSN numbers" and various other questions.

What are your top questions that you ask when people forget login information etc?

I found a pretty informative site listing a number of the top questions and their comparisons as to whether they're Safe, Memorable and Stable etc. Asking the question, "What's your favorite color" doesn't hold much weight given that there are limited colors and people's minds change over time. So what kinds of questions are you guys asking customers or do you even bother with this extra security check?

Here's a link to that site I was reading: http://www.goodsecurityquestions.com/compare.htm

I think "What's your pet's name?" is a good one.

I think any question relating to personal information is no good. Your mothers maiden name, pets name, etc. are really bad questions. Hackers use these types of questions to their advantage all the time.


Asking the person for a secret phrase, or what ever is a better question as the hacker will never know this unless the person leaks the information out himself.


Also, thanks for the link conor.

Yeah, there's SO much information available on FaceBook and MySpace which is freely available to many people it got me thinking about security questions.

People often post pictures of their kids (along with names), pictures of pets (and names) and with some minor looking around you can find out what highschool they went to, and best friends in school/college etc.

The phrase option is nice, but how often are you presented with that when you just put in something, then quickly forget it?

Email addresses change, and stuff that would be "constant" is easily searchable on the web (especially those little survey things people make up on Facebook.

Who remembers their Maternal Grandmother's Maiden name? Email addresses change often for people too - so just trying to think of what can be used

I think this is pretty memorable - very personal - not widely known or disseminated. I've seen some very strange security questions lately - which is a good thing.

Well, some people have a phrase only they use or know so that is something they can use. Also, it is just common sense if you use something that you just made up on the spot to save in a .txt and store on your computer or external drive.

one that iv seen used and favor towards is the good old "what are the x and y characters of your pasword" replaceing x and y with a number so for example:

Password: HostingDiscussion
Quesion "what is the 2nd and 6th letter of your password"
Answer "o and n"

It isent particually usefull if they cannot remember their password however the number can be changed dependant on the users password however 2 random letter chocies should be used where possible.

Works well on live support and via phone, both Norton, Orange, and O2 utalise the same quesion if not a variation of it.

Yeah, the "last 4 digits/letters of the password" we often use in live help etc... or if it's technical support they're already logged into our billing/support system already and that does the verification for us.

The main thing that we were seeing is the password reminders or "i forgot my password" type scenarios.

The "kissing" security question I've seen that a few times, along with "first crush" and "first employer".

I just can't get over how FREE people are with their information some times. The security questions at the banks are worse than pathetic - "what city were you born in" or "mothers maiden name" and my favorite "what is your phone number" - yes, that REALLY was a question at a Credit Union I belonged to. They've since removed it, but it was SO awful!

Security is always at the forefront of my mind - good and bad. Hopefully someone's brain is kicking into gear with how they address these sorts of issues in their own organization.

i write my own questions..<..>

Care to share any of them?