Why Security Questions Are NOT Secure
By
Staten Island, NY Posted: 9/30/2016 1:00:00 AM
I hate when a website forces me to answer Security Questions, because I know they are NOT Secure.
Identity theft is a serious problem these days, so just about every major website that keeps personal records uses some form of additional security, unfortunately most of them still use Security Questions as their only defense, which is a joke, because they are anything but secure.
The problem is the questions most sites use are completely pointless, and guessable. What good is asking somebody to enter their mother's maiden name, or the names of aunts, uncles, siblings or cousins, when there are a number of websites that will give them the answer. Anyone who understands how to use Facebook can find your mother's maiden name in seconds.
Even if you don't use Facebook, or mark your account as "Private", there's still a good chance they can find that information on genealogy and public records sites like Ancestry.Com.
I should also point out that many times an identity thief is somebody who already knows you. They could be friends, family, neighbors or coworkers, or other people who already know quite a bit of your family tree.
I've seen some Security Questions that are even worse. For example, T-Mobile asks for things like your favorite color, sports team, or even the brand of your first car or motorcycle. Think about it. Your favorite COLOR? Are they crazy? There are only a handful of colors. How long would it take for a hacker to try them all. Ditto for your first car brand. How many brands are there? Even worse... the MAKE of your first MOTORCYCLE? Chances are anyone who picks that question has a Harley... or if they're young, perhaps a Kawasaki or Honda. That's it. Yes, there are others, but chances are it's one of those.
If Security Questions are so bad... what can you do if you're forced to use them?
The best solution to security questions is to choose answers that have NOTHING to do with the questions. If they ask you for your pet's name, answer with a NUMBER, such as your phone number or driver's license number. A hacker would never expect you to give an answer like that.
The more obscure your answer, the more secure your account will become.
Be creative. Answer with your license plate number. Your library card number... or your hairdresser's phone number. Just be sure to consistently give the same answers, so that every time a website asks for your pet's name, you give them the same response. Write it down if needed until you can remember.
Joe Crescenzi, Founder
(Reply N/A) (Edit Topic N/A)
(Like Topic N/A) [0 ] 5479 Views
Related Posts
Hacking(4)Identity Protection(1)Identity Theft(5)Online Security(6)Security Questions(1)
Top 25 Posts
* Note: The ideas on "Idea of the Day" were posted without any formal research into existing inventions.
In some cases, patents may already exist for these ideas, in other cases, there may not be any existing patents and you are free to develop and explore the viability of developing and patenting the ideas.
The authors make no claim that any of the ideas are safe, practical, or suitable for any particular purpose. You are responsible for the results of trying, developing, patenting or using any of the ideas on this site.
For some people, our ideas are just an interesting read, but our goal is to encourage you to take action. If you see an idea that you like, do something with it... Take action.
- Joe