Let’s start this blog off right – lie to me


Hello, Smarter Campus readers! My name is Vincent Grimard and I’m the Chief Security Officer for Nelnet Corporate Security Group. For the purpose of this blog, I’ll be sharing security tips and stories intended to make the typically black and white world of security a little more colorful. With that being the focus, I meant what I said in the title. I want you to lie to me, but read on to find out why.

Chances are, you’re an average person. By “average,” I mean you use personally identifiable information with your online security questions. Now don’t get me wrong, security questions are a good thing. They make your browsing experience friendlier, you don’t get locked out as often, you can reset your accounts, and they provide an extra layer of protection. Or do they?

I suppose I should also mention that the other thing most “average” people have in common is social networking and publicly available information. Let’s pretend that I’m a cybercriminal. It’s scary to think, but with a little research, I can know the make, model and color of your first car, your previous addresses, and yes, even your mother’s maiden name. Are you asking yourself how much information you have shared online?

But wait, here’s some good news — what cybercriminals like me most likely don’t know is exactly HOW you answer your questions, so here are a couple of tips for you:

  1. Lie (this is probably the only time I will tell you this): There’s no law out there that says your secret questions must have accurate answers. “Wait, you mean you DON’T drive a hot pink Lamborghini?!” No, I do, but I prefer the term, “fuchsia.”
  2. Answer in full: Just because it’s an easy question, doesn’t mean the answer has to be one word. For example: What’s your pet’s name? “My beagle’s name is Mr. Tickles.”

Remember: The key here is answer strength. Passwords are obsolete, security tokens are not for the average person, and well, people are lazy. And that’s okay — be lazy. But use a pass phrase, and if you want to be really tricky, lie to me.

Now, if you don’t mind, I’m driving to Paris in my hot pink Lamborghini with Mr. Tickles at my side. See you next month!



Currently serving as Nelnet’s Chief Security Officer, Vincent is responsible for all enterprise-based and localized security initiatives. Vincent is known for taking security outside of the box by investing in the happiness of his teams and being interactive with the employees of Nelnet. He has created one of the most comprehensive and effective security awareness programs, a centralized information security policy methodology spanning three regulatory areas (ISO, PCI, NIST), and most importantly a highly efficient, productive, well-balanced and happy team. Vincent maintains a trifecta of experience that is centered on managing and securing information technology environments, auditing those environments against multiple industry standards, and then growing and securing those environments into enterprise-based regulatory compliant platforms.

