Let’s Talk Cybersecurity — Lie to Me


Average password problems

Chances are, you’re an average person. By “average,” I mean you use personally identifiable information with your online security questions. Now don’t get me wrong, security questions are a good thing. They make your browsing experience friendlier, you don’t get locked out as often, you can reset your accounts, and they provide an extra layer of protection. Or do they?

I suppose I should also mention that the other thing most “average” people have in common is social networking and publicly available information. Let’s pretend that I’m a cybercriminal. It’s scary to think, but with a little research, I can know the make, model and color of your first car, your previous addresses, and yes, even your mother’s maiden name. Are you asking yourself how much information you have shared online?

But wait, here’s some good news — what cybercriminals like me most likely don’t know is exactly HOW you answer your questions, so here are a couple of tips for you:

  • Lie

    • This is probably the only time I will tell you to fib. There’s no law out there that says your secret questions must have accurate answers. “Wait, you mean you DON’T drive a hot pink Lamborghini?!” No, I do, but I prefer the term “fuchsia.”
  • Answer in full

    • Just because it’s an easy question doesn’t mean the answer has to be one word. For example: What’s your pet’s name? “My beagle’s name is Mr. Tickles.”
  • Strong strategy

    • The key here is answer strength. Passwords are obsolete, security tokens are not for the average person, and well, people are lazy. And that’s okay — be lazy. But use a passphrase, and if you want to be really tricky, lie to me.

Now, if you don’t mind, I’m driving to Paris in my hot pink Lamborghini with Mr. Tickles at my side.

This article has been updated and was originally posted August 11, 2017.



Formerly Nelnet’s Chief Security Officer, Vincent was responsible for all enterprise-based and localized security initiatives. Vincent was known for taking security outside of the box by investing in the happiness of his teams and being interactive with the employees of Nelnet. He had created one of the most comprehensive and effective security awareness programs, a centralized information security policy methodology spanning three regulatory areas (ISO, PCI, NIST), and most importantly a highly efficient, productive, well balanced and happy team. Vincent maintained a trifecta of experience that was centered on managing and securing information technology environments, auditing those environments against multiple industry standards, and then growing and securing those environments into enterprise-based regulatory compliant platforms.

