In Protecting Your Passwords- Part 1, I talked about how and why to create secure passwords that are difficult to figure out.
“My accounts have security questions, so even if they figure out my password, I’m fine.”
Think about the answers to your security questions. Most of them are probably streets you used to live on, family members’ names, jobs you wanted, favorite colors, etc.
Now, if you do not participate in social networks, you might be fine. But, if you do, how many of those answers can be found on your Facebook profile? Or your KIDS’ Facebook profile?
Allow me to break this down for you: A hacker has targeted you to steal your information. He has loaded all of the possible dictionaries he can think of into his password cracking software. He also was using the same wi-fi as you at Starbucks and has been watching what you browse, so he has loaded all of the text from your favorite sites into his software. An avid cyclist that browses cycling sites frequently? I hope you don’t use cycling words in your passwords. (This can also be done if a neighbor hacks your wi-fi password at home.)
The software quickly finds your Facebook password, since you use your kid’s name and the year your first kid was born. It only took a few tries to guess that year, because the decals on the back of your car in the parking lot give him an idea of whether your kids are toddlers, preschoolers, school age or teenagers, so he dumps those names and possible dates into his dictionary.
Hopefully, you don’t use this same password for your email, but let’s say you do. He is now sifting through your email looking for statements from all of your banks and credit cards (because it pays to be paperless - we are saving trees!). Now, he knows everywhere you bank. Since he also has access to your email, all he has to do is log into those sites with your email and click “Forgot Username.” Most banks will send your username right to you.
Now he has your username to your financial information. Luckily, you read my previous post and changed up all of those passwords. He has two options: run his password cracker again, or just click “lost password.” Since he is in your email, and has changed your email password so you can’t get in, he could easily just change your bank password when they send that link.
However, our hacker likes a challenge, so he is going to run his software. It takes a few months, but he finally finds your passwords. But, uh-oh, now he has to answer a security question!
Now he is going to go back to your Facebook and find out your favorite color, your favorite uncle’s name, what year you were born (easy enough to scroll back a year and find those “Happy Birthday” wishes and do the math... someone always sells out our age!) or almost any other possible answer to a security question.
Changing passwords regularly is important. The above scenario may seem unlikely, but it happens far more often than anyone cares to admit.
The scenario also makes a case for being very careful about what personal information you or your kids put on your social network profiles. We all know the dangers of stalkers on the Internet hunting us down, but that activity doesn’t happen nearly as often as identities being stolen.