You know, I work with people all day, every day, helping them to be secure when they’re computing in the office and at home. It’s not full time or anything, but it’s one of my (many) focuses and I do want people to be safe. But it’s mostly thankless, and some days I feel like I’m wasting my time.
There’s a t-shirt somewhere that says “Social Engineering: Because There’s No Patch for Human Stupidity.”
Case in point:
College boy (and son of Tennessee Rep. Mike Kernell) Kevin Kernell hacked into Sarah Palin’s personal e-mail account after he heard about it.
“Kernell allegedly obtained access to the account by guessing answers to security questions on the account and resetting the password for the account to “popcorn.” (Which he then posted online to a forum…”
Did you get that? Some random kid guessed the answers to the security questions that the ex VP nom had in put in her email account. No patch for that.
Word to the wise, people: Use better questions and answers. If you put your birthday in as a security question, guess what? Facebook knows your birthday. So do 35 million other people.
How about “What’s my honeybunny’s birthday?” Guess what. We can figure out your honeybunny is your husband. Your husband’s birthday isn’t very hard to find, either.
If you want a good question that you’ll remember and will be hard to guess, try something like this:
“What color was my first car?”
“What make and model was my first car?”
“Who was my first grade teacher?”
“What was the cross street where I grew up?”
Now, someone REALLY dedicated to getting into your stuff could find the answers to these questions, but he’d have to look long and hard and chances are good he’d move on to an easier target.
Next lesson: How to create a good password and why you need several.
compu-diva.com 
Maybe I should change mine to the name of my first boyfriend. I doubt even my siblings could get that one.
LikeLike
That would be a great question – I’ll add it next time I have to explain this all to someone.
LikeLike
have you been hanging out at the gimcrack? we just received an email from HR telling us all our passwords have to be changed immediately to “strong” ones.
We now have to use 8 characters which include some capitals, some numbers and some symbols. Grrrrr…. I have 9 different programs I use at work and most of them have to have different passwords. this will do my head in, especially as they make us change them every 60 days
LikeLike
i typically use a variation on the phone number of my best friend from kindergarten. not only will no one know it, it was unlisted… i have a standard 4-digit extraction from that. and have other mnemonics to remember the first four if alpha are required. when in doubt, i write them down in my blackberry – semi-encrypted.
LikeLike
DF – All I can say is I LOVE GEEKS.
LikeLike
I usually use obscure goddess names, especially long ones, and change pantheons every so often. I also “recycle” pin numbers. My pin number at the library is the one for my old, expired debit card, and hasn’t got anything to do with anything.
I had a friend in the computer industry tell me that the most common password she encountered was “password.”
LikeLike
A lot of places uses “password” as the default password and then people don’t change it. Linksys routers are all like that. If you don’t change it, Surprise! somebody else gets to configure your home network.
LikeLike