The issue with Security Questions

A lot of online enterprises these days use security questions as a safety net in the event you get locked out of your account. You can answer the security questions to recover access to the account and update your password. Sound familiar? Most people see these as a blessing that ensures they always have access to their accounts, because they are not going to forget answers to questions like “Who is your youngest sibling?” or “What high school did you go to?” Though they are a safety net for you, these security questions open your account up to any attacker who knows how to get the correct answers. There are multiple vectors, from social media and email to social engineering.



Unfortunately, you may have been the one who gave them the answer to your security question, which in turn gave them access to your account. Most of the security questions out there are very generic, and for someone who is all over social media, it’s not hard to find the answers to a lot of the questions on their Facebook or other social media platforms. Attackers can also use social engineering in an attempt to get the answers to those questions.


How Can I Protect Myself?

Most services do not allow you to choose the questions that you are asked, but they do let you choose the answers. We suggest combining several practices so that more than the obvious answer is needed to get the question correct. Some things that can be done:

-Add a password in front of or behind the answers

-Use answers that are more than one word long

-Don’t use security questions if you can turn them off in your account

You should also always use 2-factor authentication when possible.