You know, I work with people all day, every day, helping them to be secure when they’re computing in the office and at home. It’s not full time or anything, but it’s one of my (many) focuses and I do want people to be safe. But it’s mostly thankless, and some days I feel like I’m wasting my time.
There’s a t-shirt somewhere that says “Social Engineering: Because There’s No Patch for Human Stupidity.”
Case in point:
College boy (and son of Tennessee Rep. Mike Kernell) Kevin Kernell hacked into Sarah Palin’s personal e-mail account after he heard about it.
“Kernell allegedly obtained access to the account by guessing answers to security questions on the account and resetting the password for the account to ‘popcorn.’ (Which he then posted online to a forum…”
Did you get that? Some random kid guessed the answers to the security questions that the ex VP nom had put in her email account. No patch for that.
Word to the wise, people: Use better questions and answers. If you put your birthday in as a security question, guess what? Facebook knows your birthday. So do 35 million other people.
How about “What’s my honeybunny’s birthday?” Guess what? We can figure out your honeybunny is your husband. Your husband’s birthday isn’t very hard to find, either.
If you want a good question that you’ll remember and will be hard to guess, try something like this:
“What color was my first car?”
“What make and model was my first car?”
“Who was my first grade teacher?”
“What was the cross street where I grew up?”
Now, someone REALLY dedicated to getting into your stuff could find the answers to these questions, but he’d have to look long and hard and chances are good he’d move on to an easier target.
Next lesson: How to create a good password and why you need several.