Security ‘Challenge Questions’ and the social web

Lately I’ve been a little paranoid about posting details about myself on the social web, especially Facebook. In fact I’ve completely gone off it (never been a fan of it from the first). I’m surprised by the amount of personal information people post on the social web.

One of my concerns is related to the ‘Challenge Questions’ provided by major websites such as Gmail and Hotmail for authentication, mostly during account recovery. Take for example the Challenge Questions offered by Gmail:

What is the name of your manager at your first job?
What is the name of your best friend from childhood?
What was the name of your first teacher?

Answers to most of the above questions can be garnered by a little digging around your social stream, making it easier for a malicious person to hack your account. Aggregators such as IdentEngine, a JavaScript library, can make it even easier to locate your profiles around the social web. In short, the social web “leaks” security information.
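To check your own exposure, the following added example (not part of the original post) audits a set of challenge-question answers against text you have posted publicly and reports which answers appear in it. The function names, the sample posts and the sample answers are all constructed for illustration.

```python
import re
import unicodedata

def normalize(text):
    """Strip accents and punctuation, casefold, and return word tokens."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return re.findall(r"[a-z0-9]+", text.casefold())

def audit_answers(answers, public_posts):
    """Return {question: [indexes of posts that expose the answer]}.

    An answer counts as exposed when all of its tokens appear as one
    contiguous run in a single post, regardless of case, accents or
    punctuation.
    """
    tokenized = [normalize(post) for post in public_posts]
    report = {}
    for question, answer in answers.items():
        needle = normalize(answer)
        n = len(needle)
        hits = []
        for i, tokens in enumerate(tokenized):
            if n and any(tokens[j:j + n] == needle
                         for j in range(len(tokens) - n + 1)):
                hits.append(i)
        report[question] = hits
    return report

# Constructed sample data: your own public posts and your recovery answers.
PUBLIC_POSTS = [
    "Happy birthday to José Alvarez, best friend since second grade!",
    "Ten years since I started at Acme. Thanks to my first boss, Dana Whitfield.",
    "Weekend hike photos are up.",
]
ANSWERS = {
    "What is the name of your manager at your first job?": "Dana Whitfield",
    "What is the name of your best friend from childhood?": "jose alvarez",
    "What was the name of your first teacher?": "Mrs. Okafor",
}

if __name__ == "__main__":
    for question, hits in audit_answers(ANSWERS, PUBLIC_POSTS).items():
        status = f"exposed in post(s) {hits}" if hits else "not found"
        print(f"{question} -> {status}")
```

Any answer the audit flags is a candidate for replacement with a random string kept in a password manager, since the site only compares the stored text.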

