Sunday, 20 November 2011
Securing security questions
We've all told the odd fib in our lives. Either to prevent someone we care about getting hurt or offended, or to protect ourselves or our families.
The difficulty with lying is that you have to remember who you've told the fib to and it will stay with you for the rest of you life. When it's the lesser of two evils, it seems to be the best course of action, and therefore we learn to live with that lie.
Now we've all learned this skill, I'd like to propose a new area of our lives to employ it in. Web site security questions.
The problem with security questions is that they are a back-door[?] into your accounts and quite often they are silly questions such as "What is your mother's maiden name?". Think for a moment how many people might know the answer to that question. You bank? Other sites that use the same security question? Relatives? Dodgey cousins? Close friends? It's pretty conceivable that this information like this could be obtained quite easily either via social engineering or it may also be available on-line in some capacity (there are plenty of on-line family tree sites nowadays which would help answer the security question in my example!).
So how can we secure this back-door? Why not lie..? If a site asks you what your first pet's name was, why not call him your brother's first name? The answer will be only something you know, not even your brother himself would be able to circumvent this security question!! (Well you wouldn't give him your Facebook password would you?!)
This isn't a de facto way to prevent you on-line accounts becoming hacked, but I think it is indeed a tool in your arsenal to make it that much some securer. I discovered this tip by accident one day when I was asked to complete a security question which I didn't even know the answer to myself, to I made something up and even to this day I can remember my answer!
Do you have a security tip that you'd like to share? Please leave it in a comment below. I hope this one has helped you!