When you sign up for practically anything online these days that has a password, you’ll be asked to provide answers for additional security questions, whether it’s for an additional level of authentication (for online banking), or just as a way of allowing you to authenticate to change a password that you’ve forgotten.<\/p>\n
The trouble with these is that it’s relatively easy these days to find the answers to the most common security questions for another individual. In a world of social networks and Google, you can probably find out someone’s mother’s maiden name, where they were born and what their first school was fairly easily; perhaps they have a blog where you can find out the name of their pets, or other information that’s sometimes used.<\/p>\n
The news that someone had gained access to Sarah Palin’s Yahoo account<\/a> last month reminded me of this earlier post<\/a> by Microsoft UK’s Steve Lamb, who tried to change his mother’s maiden name with his bank to avoid this very issue.<\/p>\n For a while, I’ve been using a legend<\/a>, with a fake mother’s maiden name, first school, pets, etc, which only I know. This is of course something else that I need to remember, but if you’re going to take security seriously, you’re going to have to make a bit of an effort with it. Of course if you were going to get really serious about this, you’d have to use a different legend for each authentication system – it’s up to you how far you want to go – but I’d definitely recommend using a few little white lies to keep your online accounts safe.<\/p>\n","protected":false},"excerpt":{"rendered":" When you sign up for practically anything online these days that has a password, you’ll be asked to provide answers for additional security questions, whether it’s for an additional level of authentication (for online banking), or just as a way … Continue reading