Security experts use this lie all the time, you should, too
Aug 16, 2020, 6:10 AM
(Pexels Photo)
(Pexels Photo)
Our online identities are always under attack. If you think that sounds dramatic, consider this: Cybercrime makes about $1.5 trillion in profits a year, and that’s a conservative estimate.
Strong passwords go a long way in securing our accounts, but the sad truth is most people don’t bother to set up complex, unique passwords for every account.
Taking an extra step, like setting up two-factor authentication, can further bolster your logins.
You shouldn’t rely on security questions — if you answer them the way you’re supposed to. Locking down important accounts with your first pet or mother’s maiden name may lull you into a false sense of security.
What’s the deal with security questions, anyway?
In recent years, the cybersecurity world has reconsidered the use of security questions altogether. They ask you to remember personal tidbits like your favorite sports team or the street where you purchased your first home. On the one hand, these can be easy to answer, but they’re not as secure as you may think.
There are classic questions that pop up like, “What is your mother’s maiden name?” One of the biggest problems with these sorts of questions is the answers are relatively easy to find. Your mother’s maiden name is likely a matter of public record, and by merely knowing the name of your high school, a thief can figure out the mascot. Finding your favorite sports team isn’t tough, with a glance at your social media profiles.
Hackers that accessed user accounts, like with the infamous Yahoo data breach, have also been able to access user security questions and answers — so even answers that are harder to find online may be floating around the Dark Web.
I host the incredibly popular “Tech You Should Know” podcast. In 30 minutes, you’ll be an expert on topics like the Dark Web and online banking safety. Search for Komando wherever you get your podcasts or listen here on my site.
You won’t believe just how little your identity is worth in hacker marketplaces.
So how can we better secure our security questions? One approach is to lie about your answers, but even that has its downsides.
Google’s take on security questions
A 2015 study conducted by Google researchers concluded that “secret questions generally offer a security level that is far lower than user-chosen passwords.”
For one, many people use easy-to-guess answers that don’t even require careful snooping or hacking. It also uncovered a problem where people who lie about their answers later forget those made-up answers, making it more difficult for them to recover forgotten passwords.
Ultimately, the researchers say, “We conclude that it appears next to impossible to find secret questions that are both secure and memorable.” While Google research isn’t optimistic about these types of questions, they are still in use for many websites, so we need to adapt.
On my site, we have a Q&A forum where you can post your tech questions and get answers you can trust from real tech pros, including me.
How to manage your security answers
Now back to the idea of lying about your answers. How can you field these sorts of questions more securely without forgetting your fictional answers?
One solution is to use a password manager, which lets you use hard-to-crack passwords without remembering every one. Most password managers allow you to keep secure notes. This is where you can store your made-up answers.
MORE TECH SMARTS: Using the same passwords, again and again, is just one major security no-no. Here are six more basics you need to know.
If you’re not using a password manager, be sure you come up with fake answers you can replicate later. For example, if the question asks for your mother’s maiden name, you might instead use your grandmother’s middle name or a favorite celebrity’s maiden name.
If the site gives you the option to create your security questions, take advantage of that and come up with obscure questions that would not be easy to find by searching you out online or looking at your Facebook or Twitter profile.
You might go with something like, “What is the name of your imaginary friend from childhood?” or “What band poster did you have on your wall in college?”
Security questions may one day become obsolete, but in the meantime, it’s smart to take some steps to keep your answers as secure as possible. This one time, a little lying is perfectly acceptable.
What digital lifestyle questions do you have? Call Kim’s national radio show and tap or click here to find it on your local radio station. You can listen to or watch The Kim Komando Show on your phone, tablet, television or computer. Or tap or click here for Kim’s free podcasts.
