Slashdot Mirror

← Back to Stories (view on slashdot.org)

Don't Give Away Historic Details About Yourself (krebsonsecurity.com)

Posted by msmash on from the psa dept.

Brian Krebs: Social media sites are littered with seemingly innocuous little quizzes, games and surveys urging people to reminisce about specific topics, such as "What was your first job," or "What was your first car?" The problem with participating in these informal surveys is that in doing so you may be inadvertently giving away the answers to "secret questions" that can be used to unlock access to a host of your online identities and accounts. I'm willing to bet that a good percentage of regular readers here would never respond -- honestly or otherwise -- to such questionnaires (except perhaps to chide others for responding). But I thought it was worth mentioning because certain social networks -- particularly Facebook -- seem positively overrun with these data-harvesting schemes. What's more, I'm constantly asking friends and family members to stop participating in these quizzes and to stop urging their contacts to do the same.

On the surface, these simple questions may be little more than an attempt at online engagement by otherwise well-meaning companies and individuals. Nevertheless, your answers to these questions may live in perpetuity online, giving identity thieves and scammers ample ammunition to start gaining backdoor access to your various online accounts.

3 of 158 comments (clear)

  1. Re:Honestly? by CrimsonAvenger · · Score: 5, Informative

    Honestly, I don't even tell the bank the real answers to these dumb questions.

    This. The comment field in PasswordSafe is a wonderful place to store the made-up answers to those questions....

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"
  2. Re:Honestly? by Anonymous Coward · · Score: 3, Informative

    My answers are stored in a password safe.

    Q: what was the name of the road you grew up on?
    A: T59hZ3HNvx98RC

    I've even had to give the "answers" once over a voice call to a CSR, and that works just fine. I got about halfway through reading the string of digits and they said "good enough" and moved on. Which was less than truly ideal, but good enough and worth a chuckle.

  3. just make stuff up... by Anonymous Coward · · Score: 2, Informative

    first pet's name? scooby doo
    birthdate? 1/1/1970
    first phone number? 867-5309
    first street address? 1313 mockingbird lane
    favorite color? rainbow
    favorite number? 42

    oshit, now you can hack my account.