Why Security Questions Can Be Bad News


f you access web-based services such as social networking websites, message forums, or online banking applications, you’ve probably had to register for a user account. This sometimes drawn-out process required you to enter a login name as well as a password (or get one assigned to you), providing some sense of security when accessing the service.

Since good passwords (not the words ‘computer‘ nor ‘secret‘) can be almost impossible to remember (such as a ten character combination of letters, numbers, and punctuation), many services now use a “security question” you can answer in case you forget your username and/or password and need to retrieve or reset them. By offering a security question, these services can help ensure it is really you when a request is made for your login information.

Some websites may even require answering this security question as well as your password every time you use their services, offering a supposed second level of account security. More details please visit:-talviainen.fi ambientfactor.fi ferreta.fi kubisslondon.fi mattijohanneskoivu.fi akavanentre.fi kilpishop.fi

Security questions are normally facts that supposedly only you can recall, information that should not change. Several common examples are listed below:

* First School Attended

* Mother’s Maiden Name

* Name of First Pet

* Where a Spouse was First Met

Some websites force you into answering a predefined question, a popular one being your mother’s maiden name. Others offer a list of questions from which you may choose, but some may allow you to type your own questions and answers. This allows you to enter private information such as the name of your favorite musical group, the name you gave a pet rock, or the celebrity poster you placed on your wall as a kid.

Unfortunately, the answers to some security questions are well-known, easy guessed, can be obtained online, or can be found via public records or a private investigator (and if someone truly wants access to your account they may go through a lot of trouble). Thus, these questions, while provided to either offer a second level of security or remove the need for customer service representatives to otherwise verify identity when you request a new password, can cause all sorts of trouble.

Especially if only a security question is required to obtain or reset a password, or even a combination of a security question and other pieces of personal information, if someone can guess or obtain the answers to your questions, it is open season on your account!

This type of secret question and answer hacking can and has affected many individuals, including famous people. As an example, according to reports, 2008 Republican Vice-Presidential candidate Sarah Palin had her e-mail account breached when someone allegedly answered a few questions during a password reset request. The questions were her birthday, zip code, and where she met her spouse (Wasilla High), information available on the web or easily guessed.


Leave a Reply

Your email address will not be published.