October 2014: You’ve probably heard that hackers stole hundreds of naked photos from celebrities’ private iCloud accounts and then distributed them online. But you may not have heard how they got the photos. Rather than concoct an elaborate scheme to power through iCloud’s back door, they just opened it up and hopped right in.
Apple was not hacked. It was outsmarted. As were the celebrities. Here’s a super-simple way to outsmart the outsmarters and protect your accounts — lie!
Security questions can be anything but.
Hackers can guess them, especially if there’s a lot of information about you online. Social media accounts are a treasure trove for data mining and Google is practically omniscient. Add a weak reset tool like Apple’s (they’ve since updated it) and hackers can have all they need to impersonate you, which means they can reset your account and take it over.
This is what the photo hackers did. And it’s how Sarah Palin’s Yahoo! email account got hacked during the 2008 election. And it’s what hackers do every single day to thousands of account holders.
This is why you should lie, baby, lie.
There is no rule that says you need to give accurate answers to security questions — this is not the time to earn your honor badge. And there are no rules (usually) that require you to use your real name or birthdate, either. And your mother’s real maiden name? Puhleaze. Hackers can find those answers in half a minute.
The information you provide is simply data that’s stored by your account provider to help you prove you’re you. So your answers should be something that only you — seriously, only you — will know.
Here are some security questions from Apple along with some answers that are hard to guess:
- What is your favorite children’s book? Potato
- Who was your favorite singer or band in high school? Richard Nixon and the Wailers
- In what city did your parents meet? Fourth Ring, Saturn
- What was the first thing you learned to cook? Beetlejuice
- What was the first name of your first boss? Dexter
And here’s a list of good, fair and poor security questions — you’ll quickly see that even though Apple’s are considered good, telling the truth can still hurt you.
It’s well worth your time to update your security answers even if you aren’t running for office or have people clamoring for your naked photos. And make sure to store your answers someplace safe like your LastPass account and also add two-factor authentication (2FA) to accounts whenever it’s available.
|You may also be interested in:|