Security ‘Challenge Questions’ and the social web

Lately I’ve been a little paranoid about posting details about myself on the social web, especially Facebook. In fact I’ve completely gone off it (never been a fan of it from the first). I’m surprised by the amount of personal information people post on the social web.

One of my concerns is related to the ‘Challenge Questions’ provided by major websites such as Gmail, Hotmail for authentication, mostly during account recovery. Take for example the Challenge Question offered by Gmail:

What is the name of your manager at your first job?
What is the name of your best friend from childhood?
What was the name of your first teacher?

Answers to most of the above questions can be garnered by a little digging around your social stream, making it easier for the malicious person to hack your account. Aggregators such as IdentEngine, a Javascript library, can make it even easier to locate your profiles around the social web. In short, the social web “leaks” security information.

When Scott McNealy remarked in 1999, “You have zero privacy anyway,Get over it.”, he was right on the technical front but wrong otherwise. You still have control over of how much personal information about you floats around the web; it may be a little harder but not impossible. The important point is to be alert and proactive when divulging important information around the web.



2 thoughts on “Security ‘Challenge Questions’ and the social web

  1. Completely agree, mate of mine lost his job after playing a sick day and then posted a load of photos playing golf. Idiot.

    What is frustrating is third party emails that come from nobody companies. It should be illegal for any company to sell on our personal emails addresses.

Comments are closed.