I thought I had been diligently following the best security advice when setting up passwords for all types of online access: use a different password for each site; make it un-rememberable; use a combination of letters, characters, and symbols; use a password manager.
I was also diligent about answering the security questions required for the additional level of security on banking and financial sites.
Then I read the following: Is the answer to your security question available on your social network feed or within your email?
I thought about which security questions I typically use:
- What is your mother’s maiden name?
- What is the name of your pet?
- What is the middle name of your youngest sibling?
- What was the name of your high school?
The answers – every one of them – were on my Facebook profile and feed:
- My mother uses her middle name in her profile and she’s tagged in a number of my photos.
- My pet’s name is right there in that cute photo with my son.
- It’s not hard to figure out who my youngest sibling is – she’s 21 years younger than me and she also uses her middle name in her profile.
- And, yep, I “like” my high school alumni group.
Yikes! If a hacker got past my password, the answers to the security questions would be a piece of cake.
If you’re like me and have been using those easy-to-remember security questions and answers, here are three things you should do today:
- Review all of the places where you’ve established security questions as part of your online access, and select new questions/answers that are not discoverable if someone gets past your password.
- Replace easily answered security questions with ones that are more secure.
- Pay close attention to your profile and posts on social media sites, and limit who has access to that information (hint: on Facebook, your options are friends, friends of friends, or everyone). What is the likelihood that information you choose to share could get into the hands of someone you don’t intend? Take appropriate steps to ensure that it doesn’t.