At some point in all of us have probably forgotten their password, but luckly the site or service that you need the password for has this magic password reset questions (also known as secret question). These are questions that are meant to have simple answers that only you can remember, so you can be positively identified as you and not an evil hacker trying to get access to your account. Password reset questions are often something like this:
◦What is your mothers maiden name?
◦What is the name of your first grade teacher?
◦What is the name of your favorite football team?
◦What is the name of your first pet?
◦What was the name of the street where you grew up?
As you can see they are questions that everybody should be able to remember the answer to. The thing is that these type of questions are a bit too simple and to easy. The thing is that after social media entered into our lives many of us have short bio’s available online for everyone to see. Telling the world that you grew up in a cosy streed called Evergreen Terasse , that your first pet was the a puppy called Kerbero, and that you will neverforget the loving Mrs Oswald you had as a teacher in first grade. In addition you might also have public profile on ancestry.com describing your lineage bot on you mothers and fathers side.
As you can see many of the answers of these questions are available online with a little reasearch, and for people that know what they are looking for it can be very easy to stich together a list of plausebal answers to such quetions that are used as “safeguards” to identify you.
You can also fine these type of questions in some of our systems. A good example is the self-help function in the disk encryption tool used to protect the data stored on our company laptops. Even if there is a restrected number of attempts you that you can answer before you need to call servicedesk, some of the questions can easiliy be answered by someone else if they do some reaserch into your profile on different social media sites.
So how can you avodi that someone that put some effort into reasearching your profile can actuially use that information to reset your passwords and gain access to your accounts? Well I know your mother probably told you to never do this but you could lie. lie until your pants catches fire, becaue the important thing here is that the lie must be so good that you can remember it so you can answer the questions correctly. If possible you should consider not relying on password reset questions, but maybe try a password manager instead
In addition you should also be careful on how detailed your online bio’s are, since that information also can be used for identity theft in addtion to getting access to your online accounts. The information in such bio’s can also help hackers guess your passwords ( one of the mehtods used in the apple celebrity hacking scandal last year).