Password security questions and 2 Factor Authentication


Security Questions (...and stupid answers)

When asked to set a security question (in case we get locked out of our account or forget our password), most of us tend to choose simple questions like "What is your mother's maiden name?", "What is your favourite colour?", or "What is your pet's name?" These questions are not very secure, and often the answers are not as private as you think. In many cases the answers are just a Google search away; posts on Facebook and Twitter can give away a lot about your early years, your opinions and your favourite things. So anyone with a particular interest in you could do a little research and unlock your online accounts. A simple trick to protect your accounts in these situations is to use the same stupid answer for all of your security questions.

For example:

  • Question: What's your favourite ice cream flavour? Answer: Louis Armstrong.
  • Question: What was the name of your high school? Answer: Louis Armstrong.
  • Question: In what city did you have your first job? Answer: Louis Armstrong.

So the idea is to lie, and to keep telling the same lie. If you're worried you'll forget the stupid answer, store it in a password manager.


2 Factor Authentication

Stronger authentication of an individual often uses more than one factor: not only do you have to know something (your password), you also have to have something (such as your smartphone) or present something unique to you (such as your fingerprint). 2 Factor Authentication is an example of this; you need two factors to prove your identity. A common day-to-day example is your bank's ATM card. To get money from an ATM, you have to present your card and enter your PIN. This means that even if an attacker steals your ATM card, it is no good to them unless they also know your PIN (which is why you should never write your PIN on the card!).

Most email providers and social networking sites allow users to verify their online identity using 2 Factor Authentication. ITS recommends that staff and student users enable 2 Factor Authentication for their University of Waikato Gmail accounts to add an extra layer of security. Targeted phishing attacks against University staff and students are on the rise; with two-step verification, even if a hacker gets past your password through a phishing email, they will still need your phone or backup codes to get into your account.

The following video will show you how to set up 2-step verification on your Google account.