Simple Security Questions Weaken Passwords
Today it was reported that presumptive GOP Presidential candidate Mitt Romney had his personal Hotmail account hacked by someone who figured out Romney’s answer to the “Forgot Password” security question. The question was “What is your favorite pet?”. Thank’s to the media probably everyone in America knows the answer. So who’s at fault?
- The hacker: No, because that is what they do. All too often we make it so easy for hackers and cyber attackers because most of us don’t think about security.
- Gov. Mitt Romney: Partially, because he may have used a very obvious answer. But ask yourself, what answer do you have to these not Secure Security Questions? And, if someone got onto your Facebook account could they find the answer?
- Microsoft: Partially, because they ask such obvious and stupid questions that have nothing to do with security. And have the answer emailed to the person and not on the screen.
How Mitt Can Secure His Passwords
So here are some things that you should do. If you want to know more, then ask for my free book: Online Identity Theft Protection for Dummies
- Get a password manager like Power LogOn so you don’t have to remember or type passwords.
- Use very secure , complex, long passwords that can’t be broken using brute force or social engineering methods.
- Just because a question is asked doesn’t mean you have to give the correct answer. For example, if they ask for your favorite pet, type in your first car. If they ask for your first car, type in your favorite teacher. Remember, computers are stupid and will give back what you gave it. So lie.
- While you have the media digging every which way into your past, for the rest of us don’t put your life history and secrets on Facebook or other social media sites. It never goes away and it is never private no matter what you are told.
Advise to the Romney Campaign
Check out Power LogOn; a smart card based, multi-factor authentication, password manager so no one has to remember, type or even know any account passwords.