Common Myths and Misconceptions

Account Privacy Questions will keep my password and account totally safe
The personal privacy questions that many accounts allow or require users to set up are offered as an alternative means of verifying your identity, and as a way to unlock your account should it be compromised. The questions provided are frequently ones whose answers could very easily be guessed; it’s surprising how many correct answers to these questions can be found through a simple Google search. A good workaround, when asked to answer these personal “privacy questions” that are used to authenticate you as well as to let you reset your password, is to consider answering them untruthfully, in a way that you can remember.

Account Lockouts protect me!
Many systems (primarily online accounts for most average users, along with PIN codes) will lock out after 3+ incorrect login attempts. While this can add some protection against those trying to access your account, it isn’t full protection. If someone wants to gain access to an account badly enough, and has the resources to do so, they might be able to obtain a scrambled version of its password (called a hash), crack it offline (by conducting billions of mathematical comparisons/guesses per hour, depending on the computing power they have available), and then log into the account with the pre-cracked password without ever getting locked out.
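The gap described above, as an added example that is not part of the original page: a toy account whose lockout stops guessing through the login form but is never consulted when guesses are checked against a copied hash record. The `Account` class, the candidate list and the choice of PBKDF2 with these iteration counts are assumptions made for the illustration.

```python
import hashlib, hmac, os, time

MAX_ATTEMPTS = 3  # lockout threshold, matching the "3+ incorrect attempts" in the text
CANDIDATES = ["123456", "password", "letmein", "qwerty", "sunshine1"]  # constructed guesses

def pw_hash(password, salt, iterations):
    # Salted, iterated hash (PBKDF2 is this example's choice, not the page's)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

class Account:
    """Constructed toy account: a stored salted hash plus an online lockout counter."""
    def __init__(self, password, iterations):
        self.salt, self.iterations = os.urandom(16), iterations
        self.stored = pw_hash(password, self.salt, iterations)
        self.failures = 0

    def login(self, password):
        if self.failures >= MAX_ATTEMPTS:
            return "locked"
        if hmac.compare_digest(pw_hash(password, self.salt, self.iterations), self.stored):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "denied"

def online_guessing(account):
    """Guessing through the login form: the lockout ends it after MAX_ATTEMPTS."""
    return [account.login(c) for c in CANDIDATES]

def offline_guessing(account):
    """Guessing against a copied hash record: login() and its counter are never involved."""
    salt, iterations, stored = account.salt, account.iterations, account.stored
    for c in CANDIDATES:
        if hmac.compare_digest(pw_hash(c, salt, iterations), stored):
            return c
    return None

def seconds_per_guess(iterations):
    """The defender's lever: more iterations make every offline guess slower."""
    start = time.perf_counter()
    pw_hash("benchmark", b"\x00" * 16, iterations)
    return time.perf_counter() - start

if __name__ == "__main__":
    print(online_guessing(Account("sunshine1", iterations=1)))
    leaked = Account("sunshine1", iterations=1)
    print(offline_guessing(leaked), "failures recorded:", leaked.failures)
    print(seconds_per_guess(1), "vs", seconds_per_guess(200_000), "seconds per guess")
```

The lockout only counts attempts made through `login()`, so what limits offline guessing is a slow, salted hash on the server side and a password that is not on anyone's guess list.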