Bits from Bill Pytlovany: Password Security Questions Suck


By Bill Pytlovany

My mother’s maiden name was Sullivan, my first pet was named Snoopy, my father’s middle name was Joseph and I was born in Schenectady, NY. I can tell you because I would never use real answers in any so-called security questions. While they’re handy when you forget your password, they’re also the easiest way to have your password reset and stolen.

Yes, companies still use these questions with answers that are publicly available, and having numbers, letters and special characters in your password won’t help you. Truth is, programs that keep trying different word combinations are obsolete. Your password will most likely be stored incorrectly by someone you do business with and then stolen, or figured out using data in the password security or “challenge” question.

Remember when Sarah Palin’s Email was compromised? It wasn’t some brilliant hacker; it was someone who Googled where Palin attended high school.

So are there really companies that still use predictable and lame questions? I won’t say who, but the following were actually from a banking site.

[Screenshots: four security questions from the banking site]

And people wonder why I don’t list my birthday on Facebook?

The Results
So what typically happens when someone gets your Email and password?
First, it’s usually not personal. Once your Email is compromised, it’s entered into an automated program. The program will log in and collect all the names and Email addresses from your contact list. It could be on AOL, GMail or Outlook; your address book is easy to access programmatically.

It won’t be long before the program breaks up your contacts and sends them all an Email with either a link to malware or something as benign as an advertisement for Viagra. It could just be an ad because these guys could be earning a couple of cents for every view. Since it’s all automated, it could add up to thousands of euros a month.

Article continued here

This post is excerpted with Bill’s permission from his blog
