Heads up: Three hacks to thwart a hacker
(Words by Alissa Johnson, PhD, Chief Information Security Officer, Xerox)
Challenge questions are those questions that you set up with your own personal answers to help websites know that it’s you – not a hacker. This only works if you are the only one who knows the answers.
Most of the time we answer our challenge questions truthfully, and other people know those truthful answers. This is how the hacker wins. Questions about your mother’s maiden name, dog’s name, and favorite color are easy to answer by looking at your various social media accounts like Facebook or Instagram. Your answers can also be easy to derive from online resources, pictures, friends, etc.
Three quick tips to securely answer challenge questions
1. Don’t answer truthfully
No one says your challenge questions have to really apply to you, or that you have to be honest in answering them. They make these questions relevant to you, so that it is easy to remember the answer. But it is also easy for the hacker to figure out as well. The key is being consistent. For example, if your favorite color is pink, don’t use that as an answer to a challenge question. For online purposes use the color blue. Just a little work in creating new answers for challenge questions can go a long way to protect your information.
2. Consider creating a different persona
Create a completely different persona when answering any questions online about yourself: Use a favorite celebrity’s information as yours, or your spouse’s information, or create a completely different persona just for online challenge questions. The key is to be consistent so that you won’t forget.
3. Put in the work!
I cannot stress enough the importance of putting in a little work when creating your answers. Tips online tell you not to choose questions with hard to remember answers. That is a great tip to make it easy for you, but if it is easy for you to remember, it will be easy for a hacker to figure out. Put in the work to answer in a difficult manner, and then commit those answers to memory.
The less your challenge questions relate to you, the possibility reduces in the amount of people who could guess that information. Just remember to commit your answers to memory.