
I have a third problem -- oftentimes, the list of questions they ask is nonsense to me. "What is your favorite food?" I don't have a favorite, and can't think of anything that I'd remember later. "What was the name of your first pet?" I never had a pet. "What was the name of your high school sweetheart?" Gee, thanks a lot for stirring up bad memories.



Here's a fourth that was actually responsible for me starting to just use generated passwords for those as well. They told me my answer wasn't valid.

According to them, it's impossible for your mother's maiden name to have less than six characters :/


Funny story - I had an old short-length insecure password on a website that I hadn't used for years.

I decided to log in and change it to a randomly generated secure password. However, they had upgraded their off-the-shelf software some time over the last 4-5 years to a newer version.

The problem was, on their password change page the "new password" field had a minimum length of 8 characters, however the "OLD password" field also had that exact same requirement.

So I put in:

* Old: 12345

* New: 717&t!1XFCWJWk!q@ut3B

* Confirm: 717&t!1XFCWJWk!q@ut3B

And got an error "your password must be 8 characters or greater".

After swearing a few times, I breakpointed and edited the javascript validation to remove the length requirement and submitted the change again - this time got a server-side error saying the same thing.

I ended up beating it by logging out, clicking "I've forgot my password" and resetting it via email.
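The validation bug described in the comment above, next to a corrected form, as an added example that is not part of the thread or the site's actual software. The function names, the account dictionary and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_NEW_LENGTH = 8  # the "8 characters or greater" rule quoted in the comment


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 from the standard library; iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_account(password: str) -> dict:
    # Constructed sample account, created before any length rule existed.
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def _verify_and_store(account: dict, old: str, new: str, confirm: str) -> str:
    if new != confirm:
        return "confirmation does not match"
    # The current password is checked only against the stored hash.
    if not hmac.compare_digest(hash_password(old, account["salt"]), account["hash"]):
        return "current password is incorrect"
    account["salt"] = os.urandom(16)
    account["hash"] = hash_password(new, account["salt"])
    return "ok"


def change_password_flawed(account: dict, old: str, new: str, confirm: str) -> str:
    # Flaw from the anecdote: the length policy is applied to every field,
    # so a legacy 5-character password can never be submitted as "old".
    for field in (old, new, confirm):
        if len(field) < MIN_NEW_LENGTH:
            return "your password must be 8 characters or greater"
    return _verify_and_store(account, old, new, confirm)


def change_password_fixed(account: dict, old: str, new: str, confirm: str) -> str:
    # Policy applies only to the password being set; the old one may predate it.
    if len(new) < MIN_NEW_LENGTH:
        return "your password must be 8 characters or greater"
    return _verify_and_store(account, old, new, confirm)
```

With the flawed handler, an account holder whose existing password predates the rule can only get in through the reset flow, which is what the commenter ended up doing.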


> edited the javascript validation

You probably broke the law there O_O


How can there be a law that prevents running arbitrary code on my own box?


I had a similar experience with a city bill pay website, except in this situation it was a new account and they simply didn't prevent me from setting the password to something long in the first place, so once my account was created I wasn't allowed in. And because you need to log in once to verify your email, I couldn't reset the damn thing either.


Oh no! My mother's maiden name is _invalid_!


Just go with the snark and put in a joke answer that you will find funny. Some of my security questions are hilariously inapplicable, so the first silly, snarky thing I think up is likely to be memorable. It is also a little hard to guess unless you know me really well to an unlikely degree, and it won't stick out as much as a sore thumb in multi-choice situations.


Except too often the strings have to exactly match. That has turned out to be a problem for me with longer answers.



