Tech Watch: Social Wars

wikipedia.org

What's your social security number? Where do you keep your spare house key? What's your pin number for your bank account?

Chances are if a stranger—or even your best friend—asked you these things, you'd be hesitant to answer.   But what about if they asked you about your first pet, your mother's maiden name, or even who your 1^st-grade teacher was?

If you or someone you know has answered any of these questions, then you may be suffering from what experts call "I'm begging for someone to access my Facebook, email, and other personal accounts online Disorder"—also known as IBFSTAMFEAOPAOD.

IBFSTAMFEAOPAOD is a common, but treatable illness that strikes whenever someone creates a personal account online. Whether it's Facebook or Gmail, the risk is there….waiting…..plotting…and ready to strike at any time.

When people talk about online security, the obvious thing to talk about is passwords: clearly if you're using "1234," "password," or "opensesame," you need more help than this article can provide. If you're using something like "haas" or "michaelhaas," you're on the right track, but should probably change that up after this article gets published (note to self: change Facebook password). The best practice for creating a password online is to incorporate letters, numbers, AND symbols. Something like "michAELhaa$857" is something that almost NOBODY will be able to figure out.

So now that your password is changed and capable of defending Fort Knox, you're cured of IBFSTAMFEAOPAOD, right? Right??

 WRONG.

Unfortunately, society has been taught that passwords are the only way to access someone's account. If I know Person X's password, I'm in. If I don't know their password, I cannot access the account. And while that's normally true, there is a major flaw in online security that leaves almost everyone open to attack.

Think of your online identity as the Death Star: heavily guarded by your password but featuring a gaping hole where the Rebel Alliance can try and exploit your weakness (with the help of Obi Wan, of course). That hole, the minor inconvenience that no one ever thinks about: your security question.

Every time ANYONE sets up an account online, they'll be encouraged to set up a security question. This feature, while handy to avoid forgotten passwords, is the number one threat to Darth Vader's demise (aka your Facebook/Gmail getting commandeered).

The problem with security questions is that they're easy. Your first pet, your mother's maiden name, and who your 1^st-grade teacher was is ALL information that can be found online or by prompting a discussion with you about your history. This is called "data mining," and is much easier than you'd think. Once armed with that necessary data, all someone needs to do is click "forgot password," fill out the information, and eventually…set a new password.

Don't worry…there is hope (Episode IV: A New Hope). Just like setting up a password, security questions should be DIFFICULT to guess. The best way to do this? Answer the question incorrectly. Who was your 1^st-grade teacher? William Shatner. What was the name of your first pet? 85674cat. What's your mother's maiden name? $$$mom###. It's nearly impossible to guess an answer to something that isn't true, and it prevents anyone from mining data on you and accessing your accounts.

IBFSTAMFEAOPAOD is a very serious condition, and you should probably warn your friends about it. Use this information I have given you for good, not for evil (even though the Dark Side is incredibly tempting). "Instruct you in the ways of the security question, I have." – Yoda.

-Michael Haas, Social Media Director