How safe are the online accounts and services you use?
The huge Equifax hack earlier this year is now pegged at affecting about 8,000 Canadians, revised from earlier estimates of 100,000.
In the US, it is believed about 143 million Social Security numbers have been compromised along with some 10 million plus driver’s license numbers.
Putting aside the large headline grabbing hacks of that magnitude, the ability to gain access to your accounts is probably easier than you think. And you could well be to blame.
There are several well-known weaknesses many of us still expose ourselves to when it comes to on-line security:
- We use common, easily guessed passwords or the same password for every account
- We keep a file on our computer called “Passwords”
- We keep a sticky note on our monitors or under ourkeyboards with key user id’s and passwords
- We sign up for other online services using the convenience of signing in with our Facebook or Google accounts
- We indiscriminately click on “change password now” links in emails warning us our bank or other accounts have been tampered with.
There are subtler ways that you may be helping hackers though.
Have you ever done one of those Facebook things like “Find your stripper name”, “Amazingly accurate 5-question personality test”, or “Take our high school memory test; most people score less than 50%!”? If so, you’ll notice you’re supposed to post your results on your timeline (with the link to the instructions for your friends), or sign in with an email address/Facebook account to take the quiz.
Now look closer at some of the questions or instructions:
Combine the name of your pet and the name of the street you grew up on.
Combine your mother’s maiden name with you father’s middle name.
In high school, did you prefer English or Math? Bonus; what was the name of the teacher in your favourite class?
And so on…
What many of these have in common, is the answers contain responses to “security” questions that are frequently used when you forget your password to a service or account.
Combined with your email address or profile, they form the thin edge of the wedge for hackers; if they can get into one account, then chances are they can engineer their way into others.
Evan Standish is sales manager for OnDeck Systems, which has been helping North Island businesses practice safe computing for over 20 years. Contact Evan at 250.334.0638 or firstname.lastname@example.org.