In today’s Internet Archaeology issue we will talk about security questions, which everyone has encountered at some point when trying to log into an old email or social media account or a mobile banking application. Why do we still use them? What is the point of asking for your mother’s maiden name in the 21st century? Where do they come from, and how can hackers easily find the name of your first pet? Read on to learn more.
The Internet is now full of headlines saying that we have to retire security questions, that all this “personal information” is no longer private in the internet era, and so on. In this article we decided to dig into the topic: do these security questions still protect us from hackers and intruders, or should we leave this vulnerable protection mechanism in the past?
Many mechanisms have been created to protect our personal information, private accounts and data, such as antivirus programs, firewalls, two-step authentication, passwords and security questions. However, passwords and security questions are far from a flawless security solution. They can be stolen, guessed or spied on quite easily.
Columbia University professor and IT expert Stephen Bellovin found that the secret question "What is your mother's maiden name?" has been in use since 1882: American banker Frank Miller invented this system to encrypt telegrams containing clients' personal data. He also created a complex codebook for bank transfers.
"It would probably have been used when wiring money to someone," said Bellovin. "The message would be from one bank to another, saying (via codewords): 'Give $XXX to Joe Smith; he will authenticate himself by saying that his mother's maiden name is Jones'."
In the past it was quite hard to find out someone’s mother’s maiden name: women almost always changed their names when they married, there were fewer divorces, and there were no handy tools like Facebook or LinkedIn, where you can easily find anyone’s maiden name. The same goes for the name of your first pet: someone can just google your childhood photos, do a little research, and there you have it.
Basically, security questions are a relic nowadays, and in most cases it’s better to use complicated and strong passwords, two-step authentication, fingerprints, reliable antivirus protection and password managers, such as Dashlane, to keep all your passwords in one place.
Photo – 123rf.com; Frank Miller: Inventor of the One-Time Pad