NCSAM 2019 – Protect IT. – Learn to Lie!
We all grew up learning that lying was wrong. As we got older, we learned that a lie was sometimes necessary for the greater good. It’s all about perception and circumstances. To protect yourself online, you need to lie.
How many times have you forgotten a password? Plenty, I’m sure. Now you have to recover or change that password to access an online account you rarely use. Your mistake? Answering all those password recovery questions honestly.
You know how password recovery works. The site asks you, “What was your high school mascot?” You answer and, bang, you get a new password. But did you stop to think how easy that information is to obtain? A simple Google search of your high school can reveal that data in seconds. How about your Facebook page? Your LinkedIn profile? Even your profile on your employer’s website. Let’s face it: you are an open book and it’s your own fault.
There is a way to avoid a massive and personal credential theft attack. That’s what we’re talking about here: theft, hijacking, hacking or whatever you want to call it of your online accounts. Always use a unique password for every single online account you have. That means a different password for Twitter, email, Netflix, Amazon, Yahoo! and whatever other online services you may use. This way, if you get hacked and lose control of an online account, all the other accounts are safe because there is a different password for each.
Cyber criminals use a method known as credential stuffing. They will enter the email and password combinations stolen from one of your accounts into other online services. The website will respond with one of several answers: either the email is incorrect, the password is incorrect, or both. If the hacker can determine that the password is incorrect and he or she knows enough about you, they can research the answers to your security questions and get your password changed. Now they can control the account. Most hackers will even change the security questions so you can’t reclaim the account. Kiss it goodbye! If it’s your bank account or other financial service, you could be looking at financial catastrophe.
Are you using two-factor authentication? If the hacker gets your user name and password, they can still be blocked from your account if you are using that security step.
Now, how to fix the problem? Learn to lie!
Keep track of your passwords using a password manager. That helps to manage those long, complicated passwords most websites require. When it comes to those security questions, here is a great tip… LIE!
You’ll have to keep notes, but create fake dates, favorite sports teams, pet names; fake it all. Here’s a way that can make that even easier. Sit down and create a fake person on paper. Give them a fake name, fake birthdays, fake parents’ names, husband, children, pets, jobs; create as many fake details about this person as you can think of. Write it all down somewhere and refer to it whenever you need to answer security questions. Of course, some websites will require your real name and other details, but the security questions are where you protect yourself against credential theft.
It’s National Cyber Security Awareness Month. Protect IT!