by Robert Siciliano

Personal Knowledge or “Qualifying Questions” as Authenticators

May 04, 2010

How many times have you forgotten a password?

How many times have you forgotten a password? Fortunately the website you were on only needed your username or an email address and they would respond with a few questions for you to answer. Once you responded with what was in the system you then re-set your password and you’re in. Easy peazy. What’s your favorite food? Where did you honeymoon? Your first pets name? Name of your first car? The name of your elementary school? Your fathers middle name? All these questions are meant to replace that used-to-be-secret-obscure word that only you and your parents would know the answer too – your mothers maiden name. Then came,, Google and for crying out loud Facebook. Now much of this information is available by doing a quick search online via public records or it’s easy to guess if the “hacker” is an acquaintance. I’m a member of an organization in which I have been granted access to a bank account we have. But I haven’t accessed the account in months. Since the last time I logged in the bank instituted a qualifying question as another layer of protection. Instead of calling the other person who was also managing the account I simply guessed the answer. “Where did you go to high school?” I didn’t know where this person went to high school but I knew where his mother lived. I entered the name of the town and BOOM, I was in. It shouldn’t be that easy. 1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief. 2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures) Robert Siciliano Identity Theft Speaker discussing hacked email on Fox News.