There’s no doubt that our online identities are continuously under attack. The proof is the trillion dollars in profits that cybercriminals will make this year alone.
You might say, “But I have strong passwords, so I’m safe!” Even with complex and unique passwords for every account (most people don’t bother to create unique passwords), there’s a good chance that some of your accounts have been compromised and are available on the Dark Web. Consider using a password manager such as Roboform, which allows you to create and manage unique, complex passwords for all accounts.
Another way to protect yourself is to enable Multi-Factor Authentication (MFA) on every account that allows it. And if you have accounts that don’t offer MFA, it might be worth looking at another vendor that does.
Vendors also try to protect their accounts through security questions. In recent years, cybersecurity experts have reconsidered the use of security questions altogether. Unfortunately, with the pervasiveness of social media, online public records databases, and the vast amount of Personally Identifiable Information (PII) available on the Dark Web, security questions no longer provide much in the way of security. Your high school, the name of your pet, or your favorite sports team is easy to find with a social media search.
In addition, hackers that have stolen user accounts from Yahoo and others have, in some cases, stolen not only credentials but security questions and answers as well. And if you’re like many people, you probably use the same security questions and answers across multiple accounts.
How to Use Security Questions Securely
Step 1 – Use made-up answers.
Choose a question such as, “What is your grandmother’s maiden name?” and answer it with a long, nonsensical, made-up answer, or use a uniquely generated password from your password manager.
Step 2 – Utilize your password manager.
Use your password manager to save the answers to your security questions, or use the secure notes section of your password manager to document the answers.
Step 3 – Completely phase out use of security questions.
Avoid using security questions and answers that can easily be found out about you through social media or online public records (or that you’ve used on other accounts).
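The three steps above, sketched in Python as an added example that is not part of the original article: it generates a made-up answer per question and flags answers reused across accounts. The site names, questions, sample answers, and helper names (make_answer, build_entries, find_reused_answers) are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_lowercase + string.digits  # easy to type or read aloud


def make_answer(groups=5, group_len=4):
    """Step 1: a made-up answer such as 'k3vd-91xq-0ab7-zz4m-p2qe' (about 103 bits)."""
    return "-".join(
        "".join(secrets.choice(ALPHABET) for _ in range(group_len))
        for _ in range(groups)
    )


def build_entries(accounts):
    """Step 2: one fresh answer per (site, question), to be saved in the
    password manager's secure notes. accounts maps site -> list of questions."""
    return {site: {q: make_answer() for q in qs} for site, qs in accounts.items()}


def normalize(answer):
    # Treat case and spacing variants as the same answer.
    return "".join(answer.lower().split())


def find_reused_answers(entries):
    """Step 3 check: answers that appear on more than one site."""
    sites_by_answer = defaultdict(set)
    for site, qa in entries.items():
        for answer in qa.values():
            sites_by_answer[normalize(answer)].add(site)
    return {a: sorted(s) for a, s in sites_by_answer.items() if len(s) > 1}


# Constructed sample: truthful answers reused across two hypothetical sites.
EXISTING = {
    "bank.example": {"Grandmother's maiden name?": "Smith", "First pet?": "Rex"},
    "mail.example": {"Grandmother's maiden name?": "smith "},
    "shop.example": {"Favorite sports team?": "Tigers"},
}

if __name__ == "__main__":
    print("reused:", find_reused_answers(EXISTING))
    fresh = build_entries({site: list(qa) for site, qa in EXISTING.items()})
    for site, qa in fresh.items():
        for question, answer in qa.items():
            print(f"{site} | {question} | {answer}")
    print("reused after replacement:", find_reused_answers(fresh))
```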
Lying on your security questions is just another way to protect your online identity.