Thursday 25 May 2023

My online security "Whoa" moment


I've worked in IT all my adult life, more than a few of those years in the data security sphere. You'd think I'd know everything I need to know about IT security, but occasionally something makes me sit back and take notice. Our online world requires a multitude of logins, passwords, and security questions, and making sure they are secure is a constant battle.

Passwords are your first line of defence, yet you'd be surprised how many people use the same password in multiple places. Some even use passwords like "password", "qwerty", or "123456"! All three of these are listed in the top 25 passwords revealed in various data breaches. Password strength is of paramount importance: the longer and more complex, the better. So is additional security, such as the two-factor authentication (2FA) offered by some sites.

Having a password manager helps. It means you only have to remember one login and password for the password manager itself, and it records the logins and passwords for the various accounts you use. It also helps generate secure passwords. Some even give an indication of how long it would take for someone to crack a password.

The point of this post, and what contributed to my "whoa" moment, wasn't anything to do with passwords. It was to do with account recovery. You know those security questions you're asked to complete on some accounts? Things like:

  • What was the name of your first school?
  • In which city were you born?
  • What is your mother's maiden name?
  • What was the make of your first car?

When faced with this scenario, how did you answer? If, like me, you gave honest answers, join me in detention after school. Here's the thing: there is no reason why you should give honest answers. In fact, the site wouldn't know whether you were honest or not. So what are the reasons for disobeying your parents and being dishonest?

To answer this, let's go back to the strong passwords. Using what some consider strong passwords could make it easier for criminals to gain information about you. Armed with this information, they can trick you or others into a scam. Plus, if they know information about you and you use this as one of your passwords, that's your account compromised.

So what's the answer? Well, obviously, false information about yourself. One idea I've heard about is using a fictional character. If you answer the security questions using your imagination of what the character would answer, you have a unique set of answers. Remember, they don't even have to be real objects. Let your imagination run wild.