Thursday, 8 October 2015

Want to Know the Answers to Security Questions? Make a Facebook "Fun" Quiz.

Being a sysadmin, I constantly think about risk assessment and security. A tricky task is to think of ways to inspire and imprint better behaviours in others, and do it in an engaging and non-intimidating way. The goal is to get people to understand for themselves, so they know it's important enough to care about. Unfortunately, it's even harder to get people to pause before they do what they usually do with their assumptions.

"What's your rock star name" and "what's your superhero name"-type quizzes have been around for ages in magazines, but there seem to be even more of them recently on Facebook (sometimes posted from a third-party site). Some of the suggestions/questions are harmless, but I've noticed there are a few floating around like: "for your rock star first name, use the name of your first pet", or "your mother's maiden name".

As in, on this public forum under your full name, please post what you use as an answer for security questions for your bank, email, etc.

Even if the third-party site isn't involved, you can bet someone else is scraping that data.

I'll be having a word with my family and friends.