The Problem With Online Information
The problem we have is that once something is put onto the internet, it’s VERY difficult to remove it. Although the website that originally had the information may not exist anymore, there is a good chance that services such as Google Cached Pages have archived this information, so it will continue to be available for years to come. For some data, page caching is great! For your personal data, not so great.
“My Password Is Strong, I’m Happy”
Let’s assume we have a lot of personal information available on the internet. “So what?” you may ask. I used to ask the same question. No one knows my passwords or my PIN numbers, or has access to my email account, so what can they do?
We use passwords to access pretty much all our online accounts, ranging from Facebook to online shopping to online banking. I can probably guarantee you that most of you re-use the same password across many of these websites. It’s got to the point where you have so many accounts it would be almost impossible not to. Whilst this is by no means ideal and very insecure, especially if one of the sites you frequent is compromised by hackers, it might just be secure enough for most of us, as a good password isn’t easy to hack. However, regardless of the strength of your password, a major security weakness is the process put in place to check that you are who you say you are when you have ‘forgotten’ your password.
There are many good, secure password managers available that you can use to avoid using the same password over and over. LastPass and KeePass are a couple of good examples.
You’ll Never Forget Your First Pet
The type of checks I am referring to are the ‘Secret answers’ to generic security questions that we often have to fill in when we are signing up for online accounts. For example:
I’m sure you all recognise these questions. It’s the continued reliance by many websites on these types of questions that is the weakest link in our online security. Knowing the answers to these ‘simple’ questions will usually get you access to your online account. Someone else knowing the answers to these questions will get them access to your online account.
Social Engineering
Regardless of technological advances, the biggest problem we have around online security is You. And the main issue both we and our employers face is Social Engineering.
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.
Putting It All Together
Armed with your personal data found publicly on the internet, an attacker can often easily answer many of those simple ‘Security’ questions without even speaking to you. Many answers can be found via people’s Facebook profiles. I recently posted a simple article with tips on Increasing your Facebook Privacy that will help reduce the amount of personal data members of the public can view from your Facebook profile.
If there isn’t specific information available online that an attacker might need, it can be quite easy for them to Social Engineer a conversation with you to find out the extra information. Quite often these conversations will not take place in person, as we are taught from a young age ‘not to talk to strangers’. However, do we follow this advice online? How many of us have had conversations on a Facebook group page with a complete stranger? I would imagine most of us. This is when it becomes easy for someone we don’t even know to engage us in a conversation about something as mundane as their dog. As the conversation progresses, at some point they may ask if you’ve had pets – before you know it, they know the name of your first pet. It’s that easy. Such an innocent conversation about dogs can give them enough information to access one of your online accounts. And many of us wouldn’t even notice what we’d told them.
So How Can We Protect Ourselves?
Do this for every question, even your date of birth. Personally I use something like 01/01/91 as it’s easy to remember, but feel free to choose your own date. For your first car, put in your favourite car that you’ll never be able to afford. That way, if someone was to have access to your Facebook photos and find out what your first car was from some old photos, they would always get that security question wrong.
NOTE: For some online accounts, such as bank accounts, security questions such as ‘date of birth’ will need to actually be your official DOB, as it’s legally part of the bank’s process.
It’s a simple concept, but one that could help you be just that little bit more secure as more and more of our lives go online.