How to Avoid the Surprising Risks of Password Security Questions

Your favorite pet’s name can be hazardous to your online security. That’s the message security expert Jim Fenton delivered in a talk I recently attended at PasswordsCon.

What makes a question like “What is your favorite sports team?” a security risk? Isn’t answering it supposed to enhance your security? Actually, says Fenton, such questions aren’t intended primarily to enhance your security. On the contrary, websites make you answer them because doing so gives them a cheap way to reset your account when you forget your password.

And don’t mistake a security question for a strong security-enhancing technique like two-factor authentication, which is growing in popularity. In two-factor authentication, besides your password, the second component you supply to prove your identity must be something entirely different, such as a fingerprint or a code that the site sends to your mobile phone….


