Companies really need to re-evaluate what they ask as security questions.

If I know your name and your approximate date of birth (to the month) then, here in the UK at least, I have a very good chance of being able to find out your parents names, your mother's maiden name, your address, your parents address (i.e. probably where you grew up and what school you went to), your parents ages, when they got married, etc. - and all from publicly available info, not illegal crap you find on Tor or social media stalking.

This isn't hard to find if you know where to look - the problem is that people think that it's all private, and behave as such - and companies encourage it. The typical "internet safety courses" don't even touch on it, and even more tech savvy people I know often don't have a clue this is possible.

  • 0
    you piqued my interest.
    where do i look to find that?
  • 1
    Mother’s maiden name stopped being used a while ago. It’s true though, you can find out a lot of personal information via public records. If a company is only using basic questions for security then it’s not going to be difficult to get the answers.
  • 4
    So true, and with facebook you might not even have to search, same with pet names and other simple questions.
Add Comment