

What Your Facebook Profile May Be Telling ID Thieves - edw519
http://finance.yahoo.com/family-home/article/111722/what-your-facebook-profile-may-be-telling-id-thieves?mod=series-m-article-a

======
SimonPStevens
I don't really see how this is "Interesting" -
<http://ycombinator.com/newsguidelines.html>

It's the same old dull write up about users who don't know better giving out
all their private details on social networking sites. This isn't anything new,
it's been happening for ages and there are constant warnings and articles like
this.

~~~
cdr
Some people like to collect karma and will submit everything they possibly
can. Opinions will probably differ on what percentage of blame belongs to the
submitter versus the upvoters.

------
camtarn
The first part of the article actually more highlights the fact that security
questions are often blindingly insecure. Often a service which uses security
questions will provide a list of available questions, some of which would open
an account to easy attack if used (e.g. "What is your car registration
number?") and many services do not allow a custom question to be supplied.

~~~
larrik
While I agree with the sentiment, I find it surprising how much longer these
questions/answers last than the facts I used to answer them.

Even "what is your phone number," I have to think back to the 10 phone numbers
it COULD be.

"What is your favorite car?" Well, usually my current one, so WHEN did I
create this account?

~~~
EGreg
The trick is not to answer the question they're asking you.

Think of something permanent like "who was your favorite teacher in high
school" and stick to that for EVERY question.

~~~
pasbesoin
Essentially, a second password that you may have to enter multiple times.

(And that the host may store and/or present -- at least internally -- in
cleartext (or a less protected format), depending upon their practices. So,
beware if you start / of doing this across different sites.)

What particularly irks me with regard to security questions with many hosts is
the absence of an opt out. Here's this security weakening feature, and you
must participate!

(I understand it saves them support time/labor on the front end. A bargain
with the devil.)

------
BrandonM
Yes! Let's all live in fear of criminals and professional failure, constantly
self-regulating our activities in order to avoid temporary loss.

Do people really have no concept of cost-benefit analysis?

------
EGreg
Really, Yahoo Finance writer? I can't reveal my pet's name on the internet, or
my birthdate, because my bank has bad security?

I would say that the real problem is using stupid questions like that as
"security questions". Sarah Palin's account was cracked this way. Anyone who
has ever seen my house or tries a brute force attack with common pet names
will be able to enter.

And then there's this: <http://xkcd.com/792/>

Do yourself a favor -- when you see a security question like "What is your
favorite pet's name", pretend they asked something else, like "What do you
like to have for breakfast" and answer that instead, for every security
question!

