Thursday, September 4, 2014

Secret answers: the easiest backdoor that bypasses hard to guess passwords

The iCloud Hack case may have been undesirable for all those with private photos exposed to the world, but it will force companies (and users) to reevaluate online security systems. There are a lot of vulnerabilities out there, and sometimes not even the world's most secure password is enough to keep your account safe...

Most services provide systems for you to recover your account should you forget your password. Many of them rely on "secret answers" to questions "only you" should know. In theory, this should be an easy way for users to prove they're who they say they are... in reality, the system often fails miserably.

The point is, maybe a decade ago things like "city where I was born", "mother's maiden name", "father's middle name" and so on were things most strangers would have a hard time figuring out (though a family member should have no trouble doing so), but today... most of those answers are probably published somewhere on Facebook, just a search query away (not to mention those that can be answered using simple guesswork, like "what's your favorite color?").

So, next time they ask you for your favorite color, the city you were born in, etc., just answer things like "klj234098sladjS" and other randomly typed text. That way you'll be able to sleep better at night, knowing that, though you may be hacked, at least it won't be via this easily exploitable "official" backdoor.
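Hand-typed "random" text tends to cluster around the same few keys, so a generator is a safer way to follow this advice. The sketch below is an added example, not part of the original post: it draws one unrelated answer per question from the operating system's CSPRNG and compares its guessing space with a guessable answer. The function names, the 20-character length and the dozen-colors figure are assumptions made for illustration.

```python
import math
import secrets
import string

# 62 symbols that practically every web form accepts.
ALPHABET = string.ascii_letters + string.digits


def random_answer(length=20):
    """Return a 'secret answer' drawn from a CSPRNG instead of keyboard mashing."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(choices, length=1):
    """Bits of guessing entropy for `length` independent picks from `choices` options."""
    return length * math.log2(choices)


def answers_for(questions, length=20):
    """Give every recovery question its own unrelated random answer."""
    return {question: random_answer(length) for question in questions}


# Constructed sample: the kinds of questions named in the post.
QUESTIONS = ["City where I was born", "Mother's maiden name", "Favorite color"]

if __name__ == "__main__":
    for question, answer in answers_for(QUESTIONS).items():
        print(f"{question}: {answer}")
    # Assumption: an attacker cycles through roughly a dozen common colors.
    print(f"favorite color guess space: {entropy_bits(12):.1f} bits")
    print(f"20-char random answer:      {entropy_bits(len(ALPHABET), 20):.1f} bits")
```

Record each generated answer next to the account's password, since it cannot be reconstructed from memory when the recovery form asks for it.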

