
In today’s crazy world of staying home instead of visiting friends, we’ve all been inclined to share a little more of ourselves on social media. There are more pictures of baking adventures with kids, selfies of good health and shared lists with a rundown of your personal information. Let me explain why sharing life information without precautions can be bad for real life.
Security Questions are Passwords
Decades ago, banks added extra questions to bank signature cards. This included information – such as a mother’s maiden name – to help verify customers needing account services. In the early 2000’s security questions became the norm for every account you set up online. Security questions are often required as an extra security layer to grant account access or to request a password reset. Questions range from asking your mother’s maiden name to the details of your first vehicle to the street you grew up on. The answers to these questions are additional passwords to access your accounts.
Breaches Handing Out Your Secrets
Security breaches happen every day, but in 2016 Yahoo admitted their security breach leaked over 3 billion users’ security answers to hackers, yes 3 BILLION accounts. This shed light on an even more serious issue – you can’t change your mom’s maiden name or the street you grew up on. But those now-public answers have the power to grant access to your accounts.
Fun But Harmful Social Media Posts
The Yahoo breach and other breaches may have spread some traditional security question answers around, but many people use social media to willingly spread the rest of them. Social media serves as a medium to help us connect to others (or argue with them, but that’s a different article). It was made for these things, but sharing such information publicly also opens users up to account hacking.
- Who doesn’t get a kick out of discovering that our soft-spoken, sweet friend that we met in church has a list of favorite concerts that includes hardcore rap?
- Why not gather “Likes” from posting pictures of us restoring our first vehicle on social media or reminiscing over old 1st grade class photos?
- How many have competed to see who’s moved the most times with lists of former hometowns?
- What other sharing have you seen that includes security question answers?
We’ve all enjoyed these posts, but all of these items are answers to many of the traditional security questions that secure our accounts. It’s hard to remember what we’ve used for our security questions around the internet, so we should assume we’ve used our personal information somewhere. Your privacy settings on your account may be high, but social media is stored in an online database that has certainly been hacked more than once.
Other Options for Security Questions
It’s not likely that you’ll switch over to posting fake information to social media to avoid giving up your security question answers. However, you do have the option to make up fake answers to security questions on your accounts. But how do you remember your fake answers? What if you mess up the exact spelling? A lot of people use a paper notebook to keep track of passwords and security answers. If this is you, please stop. With this strategy, one spilled glass or stolen laptop bag creates a whole new disaster in your life. Instead, look into a free password keeper like LastPass where you can add extra notes to your entries and only have to remember one password. With ever-present malware key-stroke loggers hiding silently on many computers, typing in passwords and security question answers still hands the keys over to hackers.
Upgrading To Two Factor Authentication (2FA)
Two factor authentication (2FA) is one of the most popular alternatives to security questions. 2FA requires two steps to allow you account access. The first step is usually your account password. According to PC World, “two-factor authentication is basically a combination of two of the following factors:
- Something you know – such as your password.
- Something you have – some options include getting a text on your phone, iCloud verification, email verification code, authentication app, or a physical security key.
- Something you are – such as a fingerprint reader or retina/face scanner.
There are no specific regulations requiring a business to have or request security questions. However, there have been increasing regulations requiring the safe storage of a user’s personal identifying information, such as the data which can be gleaned from stored security question answers. With this in mind, it’s a no brainer to set up 2FA if it is offered by your vendor. If your vendor does not offer 2FA yet, let them know you want better security on your account.
If you enjoy social media, then keep an eye out for our upcoming blog article – How to Stop My Social Media Account From Being Hacked.