Often when you register for access to a website you are required to answer a set of security questions.
These questions are used if you forget your password or have been locked out of your account. You can answer the security questions to regain access.
The questions are typically the same or similar for most websites. For example, what is your mother’s maiden name? what street did you grow up on? what was the first car you owned?
Anyone can try using your security questions to break into your account and from there they can reset your password and change the security questions so that you are locked out of your own account and they have full access.
Many people use the same username, password and security questions for all of their accounts. Doing that is dangerous, if someone gains access to one account, they can then gain access to your other accounts. This can lead to identity and financial theft.
How many times have you been on Facebook or another social media site and answered quiz questions or played some type of game where you provide information about yourself?
Often, the questions are the same or very similar to the security questions you have used.
This is not an accident. Thieves use these games and quizzes to harvest information about you, they can use the information to build a profile on you and hack into your accounts, steal your identity and open accounts and lines of credit in your name.
You should never participate in in this type of activity on social media. People often share far too much personal information about themselves on these sites.
The Better Business Bureau has issued a scam alert concerning social media quizzes.
What can you do to stay safe?
Don’t share personal information on social media.
Don’t play games or answer quiz questions.
Use a unique, strong password for every site. Never use the same password more than once.
Change your passwords often.
When you change your password also change your security questions.
Use multifactor authentication whenever possible.
Never provide real answers to security questions.
How should you answer security questions?
You want to provide completely nonsensical answers to these questions.
Some websites allow you to create your own security questions. If you have that option, use it to make up random questions and answers. The questions and answers can and should be complete gibberish.
Use a password manager to generate a secure, random password and use that as the answer to your security questions. So, for example if the question is what is your mother’s maiden name? the answer could be something like PJFGwiX4H559C3BEgva8.
Do that for each answer. Then log all of the questions and answers in your password manager.
A password manager is a secure, encrypted database. When you set it up you will choose a master password that is required to open the program but that is the only password you will need to remember. All of your other usernames and passwords will be saved in the program.
There are many password managers to choose from. I use Keepass Password Safe, it is a free, open source, lightweight and easy-to-use password manager.
.
The Tech Minimalist 