Secret Question Security

So you have your super strong password and nobody would guess it in a million years, but maybe someone wanting to gain access won’t need to…

Sites often ask you to provide answers to security questions when you sign up. These are used to recover or reset your password if you forget it, and are often things like “Where were you born?” or “What was the name of your first school?”. Sometimes this information can be found online or obtained easily with a little social engineering. Maybe the person trying to access your account, such as an ex-partner or workmate, knows you well enough to know the answers.

Once the questions are answered, you may choose where you would like the password to be sent, especially if it is your email account that is being ‘hacked’. Most sites will happily send your password or a new password to your email account without any fuss or questions answered, giving the attacker the ability to access many of your online accounts.

So, what can we do about it? Well, one way of dealing with it is to use more good passwords as answers to the questions. For example, the answer to your mother’s maiden name question could be hG$h291@h9KJU, and so on. However, because these are seldom-used passwords, you should put them somewhere safe… There are many ways to create and store encrypted notes: 1Password for the Mac is a good one, and PGP or TrueCrypt are also good cross-platform solutions. You could even write them on a note kept in your safe, if you have one.
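
One way to generate such answers, as an added example that is not part of the original post. The alphabet, the 16-character default, the 12-character minimum and the function names are assumptions chosen here; the output is meant to be pasted into an encrypted note.

```python
import math
import secrets

# Assumed alphabet: letters, digits and a few symbols most answer fields accept.
# Pass a narrower alphabet if a site rejects symbols.
ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789$@#%&*-_+!")

def random_answer(length=16, alphabet=ALPHABET):
    """Return a random string from the OS CSPRNG, unrelated to any question."""
    if length < 12:
        raise ValueError("use at least 12 characters for a recovery answer")
    if len(set(alphabet)) < 10:
        raise ValueError("alphabet is too small")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet=ALPHABET):
    """Bits of entropy for a uniformly random string of this length."""
    return length * math.log2(len(set(alphabet)))

def answers_for_site(site, questions, length=16, alphabet=ALPHABET):
    """Build one record per site: a fresh, distinct answer for every question."""
    used = set()
    answers = {}
    for question in questions:
        answer = random_answer(length, alphabet)
        while answer in used:  # never repeat an answer within a site
            answer = random_answer(length, alphabet)
        used.add(answer)
        answers[question] = answer
    return {"site": site, "answers": answers}

if __name__ == "__main__":
    # Constructed sample input: the two questions quoted in the post.
    record = answers_for_site("example.test", [
        "Where were you born?",
        "What was the name of your first school?",
    ])
    print(record["site"])
    for question, answer in record["answers"].items():
        print(f"  {question} -> {answer}")
    print(f"  about {entropy_bits(16):.0f} bits per answer")
```

Generate a new record for every site so that an answer leaked by one site cannot be replayed against another.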

There is never a way to be 100% secure, but there are ways to become more secure, and that is the best we can do.

