Like domestic and child abusers, the “hackers” are likely someone you know
This post is part of a series: Practical email security guide.
Do you know what’s wrong with these?
We’ve all seen these in our Facebook and social media feeds. They seem harmless and ask questions like:
- Where did you grow up?
- What’s your favorite color?
- First pet’s name?
- Street you grew up on?
- Favorite food?
- What’s your high school’s mascot?
- Favorite band?
- What elementary school did you go to?
- Who was your first boss?
- Who was your favorite teacher?
The problem with these questions, in addition to being significant wastes of time, is that they expose the answers to all of your most obvious secret password reset questions.
People tend to think of “hackers” and “being hacked” as some global operation of people in foreign countries exploiting Matrix-like code.
In reality, it’s usually an ex-lover, employee, or disgruntled person close to you who will try to gain access to your information. It’s not “hacking” when all they’re doing is answering questions correctly and logging into a service. And often quizzes and social media posts like these expose that information to people close to you.
- You can protect yourself by having more secure passwords, PINs, and secret questions that are knowable to you, but not obvious.
- Your birthday or anniversary are easy PIN guesses.
- The last four digits of your deceased grandmother’s social security number or your childhood phone number are much less obvious and unlikely to come up in conversation even with people close to you.
- Avoid social media posts that ask these kinds of questions. They have nothing of value to offer you.
- Consider committing to a more complex answer for at least one kind of secret question. Instead of giving your high school mascot as “lion”, tell yourself you’ll always use “black and gold lion”.
Large organizations with vast amounts of private data—like healthcare organizations, schools, universities, and large retail operations—are valid targets for hackers looking to disrupt people from afar. But most people, most of the time, are at a bigger risk of data loss and theft from people they know. Common targets include your photo library and risqué photos of you for “revenge porn”; services such as Netflix, Facebook, Amazon, or other places where you may have shared passwords, which they can lock you out of; and your bank or financial institutions.
Why is my birthdate or secret question a problem for security?
Your birthday is usually a good clue to PINs and secret “reset your password” questions. If someone—whether an attacker or, more likely, an ex or disgruntled employee—wanted to “hack” into your email account, they could probably guess the answers to your secret questions from the answers to these quizzes.