Over the last week, I’m sure you have seen many of your Facebook friends posting the 10 concerts they have attended, and asking you to guess which one is a lie and then post your own list. I’ve seen them flying by fast and furiously on my timeline.
While these are fun exercises and more than likely innocent in intent, they can pose a security risk. What is that risk?
If you have ever clicked a link to reset your password, or visited your bank’s website from a new computer, you may have seen a security question presented to verify your identity. You know the ones: What street did you grow up on? What’s your mother’s maiden name? Where were you born? What’s the first concert you attended? Get it?
Security researchers are rightly warning that it may be best not to play along with these lists. The information you are freely providing may help a hacker guess the answer to a password recovery question, especially if you have done this for several different types of lists. Over time, a hacker who is using social engineering against you may be able to put the pieces together to hack into an important account of yours.
Some recommend not providing factual answers to these questions when you are setting up online accounts. In other words, for the question “What street did you grow up on?”, you could put in the response “Huckleberry Circle”, knowing that’s not where you actually grew up. Instead of your mother’s maiden name, you could answer McCringleBerry or some other random and bizarre name. Hopefully you get the idea.
The point is to always think about what you post online. While it may seem fun and innocent enough, you may be making yourself easier to hack.