Average password problems
Chances are, you’re an average person. By “average,” I mean you use personally identifiable information with your online security questions. Now don’t get me wrong, security questions are a good thing. They make your browsing experience friendlier, you don’t get locked out as often, you can reset your accounts, and they provide an extra layer of protection. Or do they?
I suppose I should also mention that the other thing most “average” people have in common is social networking and publicly available information. Let’s pretend that I’m a cybercriminal. It’s scary to think, but with a little research, I can know the make, model and color of your first car, your previous addresses, and yes, even your mother’s maiden name. Are you asking yourself how much information you have shared online?
But wait, here’s some good news — what cybercriminals like me most likely don’t know is exactly HOW you answer your questions, so here are a couple of tips for you:
- This is probably the only time I will tell you to fib. There’s no law out there that says your secret questions must have accurate answers. “Wait, you mean you DON’T drive a hot pink Lamborghini?!” No, I do, but I prefer the term, “fuschia.”
Answer in full
- Just because it’s an easy question, doesn’t mean the answer has to be one word. For example: What’s your pet’s name? “My beagle’s name is Mr. Tickles.”
- The key here is answer strength. Passwords are obsolete, security tokens are not for the average person, and well, people are lazy. And that’s okay — be lazy. But use a pass phrase, and if you want to be really tricky, lie to me.
Now, if you don’t mind, I’m driving to Paris in my hot pink Lamborghini with Mr. Tickles at my side.
This article has been updated and was originally posted August 11, 2017.