Insecurity Questions
by john
A quick question:
How many people know your mother’s maiden name/first pet’s name/frequent flyer number etc?
More than you’d think.
Every time you sign up for the latest website, service or account you’re asked for details like this as a security procedure in case you forget your password. Often this information is all that stands between someone and complete access to all of your accounts.
Let’s look at an example:
1: You decide to try out the latest Twitter clone/social networking site/stupid Facebook application.
2: As part of the sign up process you are asked to provide your email (they promise they won’t share it with spammers) and the name of your first teacher (the ‘security’ question).
3: You fill in the details and enjoy your new toy.
All seems fine so far, right? Wrong! You may just have given away access to your email account, and probably a lot more besides. Say you’ve entered your email address as ‘jimbowejs@gmail.com’ and supplied your first teacher’s name as ‘Bob’. All an unscrupulous site owner needs to do is head over to Gmail, claim to have lost the password for their account and fill in the details you’ve just given them. They now have access to your mail and, let’s not forget, to any other sites that you’ve registered for with that email address.
What can be done to stop this?
Be careful with your security questions! When you can choose your own question it’s a good idea to do so. If you do use your own questions, consider not giving a question at all, but a clue to the password that only you would know (you can then give a random answer).
Try to know at least a little bit about who you’re giving details to before signing up for ANYTHING.
And, of course, use different passwords for different sites. You’re only making an attacker’s job easier if they can just use the exact same password you just signed up for their ‘service’ with to log in to your mail/banking/PayPal…
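To check your own accounts against the scenario above, here is an added example (not part of the original post) that works out which accounts the operator of one site could reach with the details you gave it. The `Account` fields, the sample inventory and the assumption that recovery forms ignore case and spacing are all constructed for illustration; only the email address comes from the post.

```python
import secrets
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Account:
    site: str
    login: str                 # email address the account is registered under
    password: str
    answer: str                # answer given to the 'security' question
    is_mailbox: bool = False   # True when this account is the inbox for `login`

def norm(answer):
    return "".join(answer.lower().split())  # assumption: forms ignore case/spacing

def blast_radius(accounts, untrusted_site):
    """Sites reachable by whoever runs `untrusted_site`, using only what you gave it."""
    leaked = next(a for a in accounts if a.site == untrusted_site)
    reached, mailboxes = {leaked.site}, set()
    changed = True
    while changed:                       # repeat until no new account falls
        changed = False
        for a in accounts:
            if a.site in reached:
                continue
            reuse = a.login == leaked.login and (
                a.password == leaked.password
                or norm(a.answer) == norm(leaked.answer))
            # A controlled inbox resets every account registered to it.
            if reuse or a.login in mailboxes:
                reached.add(a.site)
                if a.is_mailbox:
                    mailboxes.add(a.login)
                changed = True
    return reached

def harden(accounts):  # give every account its own random answer
    return [replace(a, answer=secrets.token_urlsafe(16)) for a in accounts]

# Constructed sample inventory; only the email address comes from the post.
ACCOUNTS = [
    Account("newtoy", "jimbowejs@gmail.com", "toy-pass-1", "Bob"),
    Account("paypal", "jimbowejs@gmail.com", "pay-pass-2", "Mrs Smith"),
    Account("gmail", "jimbowejs@gmail.com", "mail-pass-3", " bob", is_mailbox=True),
    Account("forum", "other@example.org", "toy-pass-1", "Bob"),
]

if __name__ == "__main__":
    print("as-is:   ", sorted(blast_radius(ACCOUNTS, "newtoy")))
    print("hardened:", sorted(blast_radius(harden(ACCOUNTS), "newtoy")))
```

The PayPal entry shares neither password nor answer with the new site, yet it still falls because the mailbox does; with random answers everywhere, nothing beyond the new site itself is reachable.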


