How secret is your secret question?

By Sam E. Published in redmorph, Jan 24, 2018.

What’s your mother’s maiden name?
What is the name of your first pet?
What street were you born in?

Do these sound familiar?

More than ever, we need to be vigilant and clever about protecting our privacy and securing our online accounts.

Security questions are astonishingly insecure: The answers to many of them are easily researched or guessed, yet they can be the sole barrier to someone gaining access to your account. The cryptology and security expert Bruce Schneier once described them as an “easier-to-guess low-security backup password that sites want you to have in case you forget your harder-to-remember higher-security password.”

There has been no shortage of incidents demonstrating these questions’ vulnerabilities. In 2005, Paris Hilton’s T-Mobile account was hacked by a teenager who, like anyone who searched “Paris Hilton Chihuahua” on the internet, knew the answer to “What’s your favorite pet’s name?” In 2008, Sarah Palin’s Yahoo account was hacked by a college student who reset her password using her birth date, ZIP code and the place where she met her spouse. In 2014, after nude photos of several Hollywood actresses were leaked, Apple reported that their iCloud accounts had been hacked through “a very targeted attack on user names, passwords and security questions.”

Read more in the NY Times
