As I scroll through my social media pages, I often come across these polls passed along by friends, family and colleagues. It sounds like a fun way to get to know someone a bit better or to see how well you actually know that special someone in your life.
Okay, this will be fun. As I look through the questions, I answer them in my head: My first concert was Joan Jett and the Blackhearts. My first car was a Chevy Nova. My blood type is O+, my favorite color is green, my first pet was a dog named Please. If I follow the instructions, I am supposed to post these answers and tag everyone I know so they can play, too.
I most definitely will not – not now, not ever – follow these instructions. I constantly lecture my friends, family and colleagues to also forgo these social media polls.
Instead of just yelling at my smartphone, let me tell you why these polls bother me so much: they are an identity thief’s greatest tool.
Multifactor Authentication (MFA) is a method in which a computer user is granted access to a private account only after successfully presenting two or more pieces of evidence to authenticate or validate his or her identity by providing specific knowledge of personal information. For internet security, MFA questions are an essential security feature necessary for functions like changing a password or requesting a credit increase.
Personally Identifying Information (PII) is no longer just the basic name, social security number and date of birth that it once was. As technology advances, so must the bad guys. Programmers and developers enhance security by asking questions that no one else should know the answers to (personally identifying), so identity thieves, fraudsters and hackers need to get more creative to get you to provide the answers. They go phishing.
Phishing is the practice of calling or sending emails – or polls – in an attempt to obtain sensitive information by disguising the true purpose. This may be an email disguised or labeled to entice you to click a link, “change” your password or “update” your contact information. The hacker will store the information that you provide and have access to your account. Major company databases have been hacked through simple phishing schemes designed to obtain a single user password.
When you create an account for online banking, online shopping, to manage utilities or countless other sites, chances are you have been asked to answer one or more “Secret” security questions. “What was your first concert?” “What was your first car?” “What is your mother’s maiden name?” Sound familiar?
Sometimes the questions in the polls are a bit less obvious: “Who is your favorite uncle?” There is a good chance that the answer to this question will provide a savvy identity thief with your mother’s maiden name. Often the good questions that will unlock your password will be buried by less useful information like “How many tattoos do you have?” or “What is your favorite pizza topping?”
There are so many warnings about not writing down passwords and not using the same password for all of your sites. At the same time, passwords have to be so complex: they should be a minimum of eight characters with at least one capital letter, one lowercase letter and at least one special character. With so many rules, it is no wonder these MFA password reminders are necessary!
Here are just a few helpful hints that I have learned:
- Answer MFA questions with a wrong answer that only you know. For example, “Purple”. What is your favorite uncle’s name? Purple. Where did you go to elementary school? Purple. At what age did you learn to drive? Purple.
- Use a password that fulfills the complexity rules by complicating a common purpose for the site you are on. For example: P4yb!LLsH3re. I will remember “Pay Bills Here”.
- If you absolutely must use your child’s name or birthday, mix it up. For example: M4tt23hew67 (Matthew 04/23/1967).
This is a really strange era of concerns regarding privacy and personal security combined with reconnecting to friends from high school, online dating and oversharing.
Be smart. Be safe.