My first car was a Jaguar XJ220, pictured here for anyone who is interested. I also grew up on Melrose Place and my mom’s maiden name is Hornswaggle. I was born January 9, 1904.
Okay, maybe that’s not all true. In fact, none of it is. But protecting my identity by lying is one of the best steps I -- and you -- can take in protecting our accounts from hackers. Why? Because typically those security answers we’re asked to provide if we forget our passwords are pretty easy to answer by someone intent on doing so. Your high school mascot is easily findable via Google search if you list your alma mater on your LinkedIn or Facebook page, or register on a reunion site. A quick Intelius search can reveal the streets you’ve lived on. That silly Facebook survey you took about concerts you’ve attended? Yep, that “out of wallet” information made you vulnerable to identity theft. And when you use the same answers to security questions across all of your accounts, hackers have the ability to wreak havoc in a matter of minutes.
In the fall of 2016, Yahoo was massively attacked. 500 million (million!) of its users’ data was compromised, and not just the usual passwords and email addresses. This time, hackers gained access to the security questions and answers that Yahoo users had chosen as a means of resetting their passwords. That supposedly secret information -- their mothers’ maiden names, the streets they grew up on, their first pets -- was all compromised, giving hackers a virtual treasure trove of information into the lives of their victims.
Information gleaned from social media or Internet searches is incredibly valuable. It can be used to access your existing financial accounts and also open new accounts in your name. Combined with your name and Social Security Number, it can also be used to file a tax return in your name, claim your refund, gain access to medical records, or take out a mortgage. It’s a huge, huge problem.
We spend a lot of time coming up with tricky passwords and that’s great, but even the most encrypted password means nothing if a hacker can reset it by answering your security questions. So, as they say, lie like a rug. These 3 tips will help.
Lie in your response to questions, but also use a combination of characters that would be difficult for someone else to guess. My first car, a Jaguar XJ220, might be best answered, “J@gU*rXjay220”.
If your lies fail you on one credit card account, for example, don’t hand scammers the keys to all your other accounts. Tell Visa your first car was a Jaguar, your bank it was a VW, Facebook a Toyota, and so on. This will at least contain the damage to one account if you are hacked.
Keeping track of your tangled web of lies is going to be tricky, but it’s important because it’s the only way you’ll have access to your accounts if you forget your passwords. Also, many companies do not allow you to change security answers once you establish them, so keeping it all straight is essential. It’s not a terrible idea to write your answers down and then hide them in a secure location like a home safe.
Innocuous-seeming questions remain a weak link in our online authentication systems. So does the “it can’t happen to me” syndrome. Identity theft can most certainly happen to you. Until we have a better system in place for authenticating our identities, our best bet is to lie and keep the hackers guessing.