YOURLifeChoices subscriber Jack wants to know more about the recent increase in hackers targeting security questions and how he can strengthen his security question to prevent theft of information.
Q. I have heard that hackers are using users’ security questions to break into their accounts to steal information and money. What can I do to strengthen my security question and answer?
A. Hello Jack,
You are spot on in noticing a new trend in hacking accounts. In previous articles we have stressed the importance of a strong password. Having a password which is a good mix of numbers and letters is good practice, as is having a different password for any sites where the information would need to be protected (banking, etc) and more typically ‘fun’ or social sites such as Facebook or YouTube (or even YOURLifeChoices). The rule of thumb with passwords is to never mix business with pleasure, and of course to never have your username as your password or something simple like your surname, ‘password’ or ‘qwerty7’.
In the midst of this obsession to secure passwords, an equally important facet of online security has fallen by the wayside. The relatively simple ‘security question’ is often forgotten and rarely considered at its conception. This is where the more technologically proficient hackers are beginning to strike. While you may feel safe by stating ‘what is my mother’s maiden name’ or ‘what high school did I go to?’ any smart hacker can find the answer on government websites which post registers of births, deaths and marriages, or even popular websites like ancestry.com or classmates.com.
Obscure questions have also been found to be not impenetrable by hackers. It has been established that the answer to ‘What is my favourite colour’ is usually one of eight answers, which takes just seconds to answer. With questions regarding the names of family pets, simply guessing names has proven to be shockingly effective. In fact a recent Microsoft research study showed that answers to such questions are often quickly and easily guessed by hackers over 17 percent of the time.
The attitude to these questions has often been carefree as users naturally assume that since they have a password, their account and information is protected. However, as you should well know, when you forget your own password a quick answer of your security question will have you accessing your account. There is absolutely no reason why any hacker can’t attempt to enter your account and reset your password by simply answering an easy security question.
This is why it is imperative to choose a question not only that you can remember, but also a question hackers cannot guess, or find the answer to.
Here are some tips:
Pick a memory or an anniversary of which there is no public record
“Where was my favourite place to play as a child?”
‘What was my favourite toy as a child?”
“Where did my husband/wife and I have our first date?”
“Where did my husband propose?”
“What was my childhood phone number?”
“What is the full name of my first love?”
Describe some things in your home/office
“Name the people in the picture frame to the left of the computer”
If you follow these common sense steps, as well as the password hints, you will stay one step ahead of the hackers!