Can security questions protect your account? Only if you answer them like this…
Protecting your account from hackers and other bad guys is not as easy as you would think. In the past, all you needed was a password, typically four to eight characters. Then the bad guys figured out how to break these. Next was the idea of using special characters, capitalization, and numbers in your passwords. Bad guys figured these out too leading to the creation of security question answers.
Why were they created
The purpose of security question answers was to add an extra layer of security to your account. A layer that the bad guys should not be able to break, like passwords, using a computer program and a super-computer.
To set up a security question answer, the organization where you have your account would provide you one or more questions to which you provided the answer or answers. Unlike identity verifying questions, the organization was not verifying your answers against a database. The first answer you provided became the official answer.
How do most people answer them
People are lazy. There I said it. Yes, people are lazy when it comes to protecting their accounts. The reason is because we don’t want to add more stress or work to our already busy lives.
Um, having your account hacked is very stressful and will add a ton of work to your life. But I digress.
To make things easy we answer security questions with our real answers.
Why? It is easy to remember.
The need for convenience is the root of the problem.
The impact of social media
Did you know that most of the answer to security questions can be found in one of the million (okay, maybe a bit of an exaggeration) databases out there.
Where do they get the information? Social media!
Everything you post on social media, and online, is harvested, sorted, and sold.
We give away too much information online. Don’t agree with me?
When was the last time you participated in a social media poll or a “let’s get to know each other” game?
They ask you questions such as:
- What is the name of your oldest nephew
- Where did you go to high school
- How many siblings do you have
- What was your first car
- What is your dream car
- What is your favorite food
While these games may appear fun, the were created with malicious intent – to harvest your security question answers.
A couple of years ago one of our local TV anchors posted “This was my first car, what was your?” Within minutes hundreds of people were sharing their first car. I called the newsroom and asked to speak to the producer. I strongly suggested that the anchor remove the post due to security issues. The producer asked me what I meant. I reminded her that “what was your first car” was a common security question for financial account.
There was a long pause……..
The producer said “OMG, that’s the security question for my bank account! We will take the post down immediately!”
The first step to account security is to stop giving away too much information online. Facebook is not your private diary or chat room with your closest friends and family. Facebook is in the business of data harvesting. Your information has become a commodity.
Before responding to online polls and games, ask yourself “How could this information be use against me?” You must think like a criminal to defend against them.
What should you do instead
You now know that your information is a commodity. It is harvest, bought and sold every day. Bad guys buy this information and use it to access your account
Notice I didn’t say “hack.” The term “hacked” is overused. When bad guys answer your security questions or provide you basic ID verifying information, they are not hacking your account. They are merely taking advantage of your preference of convenience over privacy.
So, what can you do? Here is a simple trick to creating stronger security question answers.
Pick someone you know well to be your security question answer key.
What do I mean?
When you are asked to set up a security question, instead of answering it with your answer, answer it how your security key would answer it.
Here is an example.
Let’s say you chose your daughter as your security question answer key.
If the question is “what is your high school mascot?” The answer is NOT your high school mascot. It is your daughter’s high school mascot.
NOTE: this only works if you and your answer key do NOT share the same answers.
If you have the option to select the security question, pick one where you and your answer key do not have the same answer.
I call this the one-off method.
The one-off method is much easier to remember than using fake answers. The only thing to remember is -who’s your answer key.
Full disclosure: I cannot take credit for this simple, yet effective tip. It was created by one of my identity theft victim clients. I was at her home helping her add extra security to her account. One of the organizations required a security question. The answer she gave resulted in a confused look on my face. The answer was out-of-character for her. She smiled and said, “I use my son as my answer key.”
EUREKA!!! I told her I was going to steal borrow her idea and share it with others. She agreed.
Tips to remember:
- Limit what you share on social media
- Before posting or participating, ask yourself “How could this information be used against me?”
- Security question answers provide an extra layer of security for online account.
- Security questions work- if you stop choosing convenience over privacy.
- Use the one-off method when answering security questions – pick someone as your answer key and answer the questions how that person would answer them.
What do you think of the one-off method? Is is something you would use? Post your answers in the comments below.
While you are here, join my email list to receive tips and timely information delivered directly to your inbox.
