In today’s always-on connected world, most people know not to give away too many personal details of themselves on Social Media sites like Facebook, Twitter, etc., as online details can be easily harvested by innocent actors as well as those who have more devious intentions. However, one area most people neglect to protect is when answering nostalgic questionnaires or playing games on sites such as Facebook. The information gained from these items is exactly what bad actors desire in pursuit of a user’s personal assets.
As this article describes, people that play games, answer questionnaires, or otherwise reminisce with people online about personal details may inadvertently give away answers to online accounts’ security questions. The purpose of these security questions is to assist in preventing unauthorized access to sites such as online bank accounts or credit card accounts. Unfortunately, it has been revealed over the years that security questions are a vulnerable method for secondary authorization.
An example of a type of game where a user might provide personal details would be when there’s a word game that gives them a chance to come up with a DJ (disc jockey) name by using their first pet’s name combined with the street that they grew up on. Or it combines the first name of their best friend from high school and the city they were born in. These answers would all be examples to popular security questions for online accounts. In addition, posting an answer to this online can also potentially cause a reaction from others to post their answers as well.
If a user does take part in these questionnaires or games, it’s a good tip to make the security questions for online accounts not truthful (and write down these fake answers for ease of remembering later on). Or better yet, make another password as the answer for the security questions, as in reality, the answer to security questions is just another password. Using another password for the answer to security questions navigates around the issue of having the same answers as provided with these questionnaires and games.
Other secondary authorization methods like text messages to a user’s mobile phone can present additional vulnerabilities, like being susceptible to mobile phone SIM swapping. A better way to secure an account versus using security questions or text messages is to use 2fa (Two factor authorization) through an app like Authy or Google Authenticator, both which are installed on the user’s mobile device. These 2fa apps provide a one-time-use key as a secondary authorization for online accounts. When a user logs in to an online account, they input the number generated by the 2fa app for the secondary authorization, thereby allowing access to their online accounts in a more secure manner. It’s best to setup the 2fa app for all online accounts (bank accounts, credit card accounts, Facebook, Gmail, etc.) where it’s an option.