If you shop or bank online you probably noticed an additional security layer in addition to providing your username and password. I’m referring to the additional security questions that ask for your older sibling’s middle name, the name of your first love or even your favorite make of car. This additional layer of security is called Knowledge-Based Authentication.
The idea behind this form of authentication is that the questions are so very vague that no one except you should know your unique answers. Unfortunately, the answers to some questions can be found through online research such as your mother’s maiden name, your favorite movie or your younger brother’s favorite color. Online research can include genealogy websites, search engines and even social networking communities. As we make ourselves available for the whole world to see at social networking communities, we can provide a basic image of our personality, likes, dislikes, aptitudes, limitations, and strengths. If a malicious hacker targets us as an individual, odd bits of information put together can provide enough information where they can try possibilities till one is valid. This is the reason no one should post personal information that can be pieced together to identify your name, location or phone number.
Criminals can also get your information through keystroke loggers and spyware. Installing, updating and using anti-virus and anti-spyware software are very necessary protection when a computer is connected to the internet.
Getting duped by a phishing scam can provide the phisher with your logon credentials (including your personal answers) when you unknowingly respond and unintentionally provide your information at the phisher’s webpages. Phishers are getting more sophisticated in their duplication of websites and try to be as accurate as they can with imitating the interfaces of websites with high traffic. So, they may incorporate the second logon webpage that asks for your answers to security questions.
As internet users, we can help protect our information online by making it as tough as possible for malicious hackers and anyone who knows us to access personal information without permission. Knowledge-based authentication is to confirm you are the same person who originally registered and not an imposter who happens to have your username and password. Banks need personal identification such as mother’s maiden name, driver’s license number, proof of address or social security number when opening an account to verify that you are really you and not an imposter. But, they don’t need truthful answers to the security questions. The security questions at their website are for their network to help identify you as you and not an imposter. Use common everyday words for answers to security-authentication questions such as table, chair, word, or correct. Just be sure of two things: the answer makes no logical sense in response to the question and you use different answers to the same question at different websites just as you do with username/password combinations at different websites. Now, if someone tries to guess the answers, they won’t be able to. Who would think that my older brother’s middle name is chair?
No comments:
Post a Comment