It seems that recently, most of the tech news sites are abuzz about how Paris Hilton’s cell phone got hacked into. At first, like most of the tech community, I found it amusing – nothing more. Now, however, speculation has surfaced that her password protection may have been circumvented through her “secret question,” allowing the hacker to reset her password and gain access to all kinds of… well… “sensitive” information.
The hacker didn’t even have to know her password; he simply guessed the answer to her secret question. This certainly puts into perspective how vulnerable those secret questions are to break-in attempts. Let us think for a moment of a few of the most common secret questions…
- What is your mother’s maiden name?
- In what city were you born?
- What is your favorite pet’s name?
How hard is it to find the answers to these questions? For most of my friends, I already know their answers. They know I would never even consider exploiting that information, just as I trust they wouldn’t abuse mine. But how many people out there know your e-mail address AND your mother’s maiden name? They might as well have your password.
Even if the hacker doesn’t know a victim personally, it’s amazing how many personal details are made freely available on the internet, usually published by the victims themselves through instant messenger profiles or personal websites. Just think: you visit someone’s personal website and see this (note: this is all completely fabricated out of my head; don’t think I actually copied this off someone’s site):
Hi, my name is Jennifer Soandso, and welcome to my website!
A LITTLE ABOUT ME:
I was born in Seattle, WA in 1984. I have green eyes, brown hair, and a black lab named Goober. He is the best dog ever! E-mail me at firstname.lastname@example.org
Already, just from this little blurb, the target has given three pieces of information for hackers to exploit: a birthplace (Seattle, WA), a pet’s name (Goober), and an e-mail address (commonly used as a login to many websites).
I already have a lot of personal details floating around out there, and thanks to the dynamics of the web, they’re not going to disappear. I don’t recall ever setting up secret questions at any websites I’ve registered with, but armed now with the knowledge of what a security risk they are, I think I’m going to look around and make sure that I don’t have a secret question set up somewhere that could easily be answered through a little web research.