There are many techniques that hackers employ (white hat and black hat, and those in between) to gain access to systems – one category of these techniques is social engineering. Have you ever created an online account, and when filling out the secret questions, wondered how this could be used by someone that’s not you? If you’re an honest person (or just simply not paranoid enough to care), you likely fill these secret questions in a way that is easy for you to remember, which is generally the truth. The problem with this is that anyone that knows you could also use this information to reset your password and gain access to that account. Even if they don’t personally know you, that won’t necessarily stop them from finding out this information – through phishing, or even just searching your online profiles they might be able to gather enough information to perform this attack.
How can you defend against this? Well, one convenient way is to make use of your password manager (which you should already be using! If not, see here). Password managers such as KeePass (or my preferred version, KeePassXC) and Bitwarden allow you to add notes to any entry, which allows you to add any secret question information. Just make sure that you also include the secret question, so you don’t get muddled up. Also, KeePassXC has a nifty feature to “protect” any note entry information (handy for mitigating against shoulder surfing) – all you have to do is edit an entry, either by double clicking it, or right click the entry and select “View/Edit Entry” as shown here,
Then click on “Advanced” on the left-hand side, click “Add” on the right-hand side and then click “Protect” while you’re editing the entry. You can set up an entry for each secret question. There are other ways to protect your information online, though you have to keep in mind that falsifying information such as your name is against the Terms and Conditions of many websites – and may be against the law in some instances, so use caution when attempting to obfuscate certain information. Other than that, make sure you keep safe online!
As always reader participation is not just welcomed, but encouraged! If you have any suggestions, corrections or anything in between, feel free to leave a comment. If the content of this blog is gobbledygook and you are in need of data recovery or other IT services, head on over to our Web Shop (currently undergoing maintenance). Want a good laugh? Check out our blog created entirely by artificial intelligence (AI)
We’ve done the research, so you don’t have to!
Thanks for reading!