Published 16 years 2 months ago • Last updated March 22, 2025 • ⏱️ 2 min read
I love to think of unsolvable problems and try to solve them. I dunno why I just enjoy it. One of the most challenging problems is "secret questions". Everyone sucks at this, I'm looking at you Google. One of the first lines of defence for a unverified account can be a secret question. This is why my dog is called "mi(mqure~sb$ztrcjeoosc*m;wbyowdd@" online.
How to solve it? Well at first I thought of questions like "Which picture do you have in the front room of your house?" but there are problems. Like anyone can visit your house and see the picture or look through your window. The physical aspect of them having to do that though reduces the likelihood of it happening unless they really want your account. Doing this over a few accounts is also less likely because you'd need to visit all their houses.
Or do you? Damn you flickr. People upload pictures of their houses, this is bad using as part of a secret question because you can clearly piece the information together if available. Bruteforcing is hard though because your automated program would need to understand the question. Unless the attacker builds an automated program that gathers the accounts and questions in various frames and can picture the correct answer. Oh dear this is harder than it sounds. What if you decide to bin the picture? Not good so I thought of something else.
Open your hands and look at them. Can you see the ridges between your fingers? You carry this data with you all the time, it's hard for someone to obtain without taking a detailed picture of your hands. We can use this data! Example instead of a question "What is your favourite cats name?" the better questions would be series of:-
"Please tell me How many ridges there are on your first finger left hand? "Please tell me How many ridges there are on your fourth finger right hand? "Please count the number of large ridges on your palm right hand"
You would require more then one question at a time and the you'd have to be careful about the questions chosen. I thought of ridges because they would be pretty different for each person and they wouldn't mind disclosing the information.