January 10, 2017
"Want to know your Star Wars character name? Your Professional Wrestling Name? Your My Little Pony name? Just take your birth month, or the street name of the first house you lived in, the city you were born in, your mother’s maiden name, name of your childhood best friend, first name of your spouse’s father and post them below."
What’s the concern? These seemingly innocent games have you post your personal information in public on social media. Many of these questions are also questions that financial institutions use as extra security measures, especially when you login from a foreign location. Answer enough of these games on social media and a targeted attacker will have no problem gaining access to your bank account or other online services.
The most obvious way to protect yourself from revealing your personal information with these games is to not play them. The alternative is to use fake information when answering the security questions. If you use a password manager (see blog post here about password managers [1]), you should be entering random strings for the security questions and saving those in the password manager.
What is the name of your first pet? nqb$2CB*#46%2k*n
What is the name of your best friend? H%MgpMfpx#8A822P
While this does increase the effort involved in logging into your bank account, it is much less effort than recovering from having your identify stolen or your bank account compromised.
Written by: Brendan Hohenadel (Cyber Forensics Analyst, Information Security)