Spyke
lemmy.zip

Did people not know this? I feel like we collectively went through it with the boomers at least twice in the past 20 years.

19

I always thought security questions were dangerous, but I did in fact not know that quizzes that exploit them exist in the wild.

5
lemmy.world

When asked, my mother's maiden name is "0nzoIHUzdTMu2YDz".

26
feddit.org

By wrapping standard bank security questions, like your mother's maiden name, your first pet, or the street you grew up on

These questions have made me wonder ever since I first saw them. So I want to ask you all:

Do you take them seriously?

It seems a cultural difference maybe, but I could never remember what I have answered to one of them. I don't even know the true answers to most of them, and if I know it, then I would still not want my bank to know it.

The only way this kind of "security" makes sense to me is when I can freely type in both the question and the answer. Then I choose a question that does not make sense to most other people, only to me personally, and then I won't ever forget the answer.

20
skaffi
infosec.pub

As long as you can choose the answer, you can also choose what the question really is. You can just decide that questions about your mum's maiden name are actually asking you about the last name of the doctor that delivered your first born.

Or, better yet, don't tie security to personal or externally verifiable information about yourself. In the one or two cases, in recent years, where I've had to fill out such (in)security questions, I've just treated them as additional password fields, where I just create additional fields for them in my password manager, and generate long, random responses as their correct answers. Why yes, my mother's maiden name is Correct7Horse@Battery!Staple, why do you ask?

9
lemmy.ca

I once did that, and had to spell out a 32-character alphanumeric password with special characters over the phone lol

3
Zwuzelmaus
feddit.org

password [...] over the phone

Please tell us the name of that bank, so we can avoid it.

3

additional password fields, where I just create additional fields for them in my password manager, and generate long, random responses

Such a hassle...
I guess it means yes, you take that stuff seriously.

1

Big tech companies don't accept security questions to log into email. Like you log in correctly, they do the security questions, make you answer them correctly, then still don't let you in unless you link a phone number, even if you never gave them one and never agreed to.

0


Windscribe VPN CEO warns your favourite Facebook quizzes are actually stealing your bank details | Spyke