Leon Senn
IT Director
leon.senn@border.bank
763-780-6620
We have all seen them and answered them: security questions, so that in the event you forget your password you can be identified properly and have the password reset for your online email, your credit card, or your banking account. Pick a system, and you will likely have to do something along these lines to validate your identity.
What you may not know is the following:
- Many of us use information that is easy to find on the internet about ourselves.
- Many of us share this information in Facebook polls/questions.
Here is a look at just how simple it can be to gain access to information, with almost no skill needed. During Sarah Palin’s campaign for Vice President, her personal email was hacked. The hacker was simply looking for something to derail her campaign. So, how did he gain access? He answered three security questions. Here they are:
- What is your birthday? This took a quick trip to her Wikipedia page. 15 seconds and that question was answered.
- Zip Code? She has always been from Wasilla, and they have two Zip Codes. Quick trip to the US Postal Online Service and the hacker had them both.
- Where did you meet your spouse? This was the hardest question. Some research showed she eloped with her husband after college. Some more digging and it was discovered they actually met in high school. This took some variations to answer:
a. High
b. High school
c. Wasilla High – Bingo!!
The hacker now had what he needed to reset Sarah Palin’s Yahoo email password. Total time spent hacking? 45 minutes.
So, moving on from there, the explosion of social media has allowed us to put more information about ourselves online, in front of people we do not even know. How many of you have taken quizzes with some of the following questions?
- Who is your favorite band?
- Who is your favorite football team?
- What is your favorite food?
- What is your favorite color?
- What is your favorite pet?
- What was your first concert?
- Who was your childhood best friend?
- Who was your maid of honor?
Do any of these questions look like security questions you might answer at some point in your life? While many of our close friends and family may know these things about us, we really have no need to share this information with the masses. Even a simple question of “who was your maid of honor” can be answered by looking back at any posts from your wedding or anniversary.
So, how can I avoid falling prey to this type of attack?
- Stop taking Facebook and other social media quizzes with this information.
- Set your social media settings to private.
- Add multifactor authentication to your account. More on this in the near future.
- Answer the security questions with a twist.
  - Who is your favorite band?
    - Add your favorite song to the end
    - Add the year you first saw them in concert
    - Choose your least favorite band
  - Who is your favorite football team?
    - Answer with your favorite hockey team
    - Add your birth year to the end
  - Who was your maid of honor?
Truthfully, none of this is easy, but in the case of Sarah Palin, being hacked was easy. You don’t need to put a twist on all questions if there are three, but one should be more challenging.