Treat your security questions like a riddle only you can decipher.
“A recent investigation by Yahoo … has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” the company wrote in a statement. “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.”
Let’s say you’re the owner of one of those half-billion Yahoo accounts. You’ve changed your password and, since you were smart, you didn’t repeat that same password across other online accounts, which would put those accounts at risk as well. (If you did use that same password for other accounts, let this be a lesson that you need to STOP DOING THAT.)
That’s not the only lesson here. You should also update your security questions, but doing that poses a problem: Your password may change, but your mother’s maiden name, for example, is forever.
The fundamental weakness in the security questions typically used for password recovery is that, like Social Security numbers, they’re usually permanent. They are often easy for a dedicated attacker to guess. When a hacker compromised the personal email account of erstwhile Alaska Gov. Sarah Palin—a Yahoo account, by the way—all it took was guessing the answer to her security question, which was about where she met her spouse. The answer, as it happened, could be located on Palin’s Wikipedia page.
The problem is that people treat security questions like things that should be answered with the objective truth. A much better way to think about security questions is to treat them like a riddle to which only you know the answer, but which has no basis in reality.
A good way to do this is to set up a system that applies arbitrary information to your security question answers.
So, say you use one that’s entirely based on The Simpsons. If a question asks where you met your spouse, set the answer as “Springfield High School.” If a question asks for the name of the street where you grew up, set the answer as “Evergreen Terrace.” If it asks for the name of your first pet, say “Santa’s Little Helper.” It works because, honestly, you probably have a better grasp on Simpsons trivia—or whatever nerdom you subscribe to—than you do on the actual details of your own life.
Or just set all your answers to different types of tacos, because, if you know one thing in this crazy, mixed-up world, it’s that tacos are delicious.
Whatever system you pick, make sure that it’s easy to remember. That way, even if you forget the specific answers you set to each individual question for each individual site, you should still have a pretty good idea of what your answers were.
If you do all that, you’ve just ensured all of your online accounts are that much more secure.
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.