Quite a few people have been asking me about the Facebook data issues that have been in the news lately. The issue has been covered extensively, so I wondered what, if anything, I could add to the conversation. After a bit of reading, I realized that a large part of the problem hasn’t been addressed: you!
Yes, Facebook (and others) shoulder much of the blame here by making it extraordinarily easy for third-party actors to scrape up your data. Sure. But who put the data up there? Hmm?
You did. You couldn’t resist taking the poll about your high school mascot, or the one about your favourite ten albums, or the one asking for your first dog’s name. There is an endless supply of these supposedly harmless little polls on Facebook. When you were answering them, did they look familiar to you at all? Perhaps they looked a little like those security questions that your bank made you answer when you signed up for online banking. Or the ones that Apple had you fill out along with your credit card information to secure your account. Or those of any of dozens of Internet locations that store your personal data and use security questions to control access.
If you take nothing else away from this column, remember this: Assume that anything that you post online can and will be read by anyone.
Most identity theft hacking doesn’t happen the way you see it in the movies, with a lone hacker guessing your password in a couple of tries. Even poor passwords are difficult to guess outright unless the hacker has a bunch of information to narrow their search. For example, are you one of those people who uses a password that is really difficult to guess, but then uses it everywhere? Yikes! How about using a pattern like six letters, two numbers, and an exclamation point? Guess what: so do a lot of people. That knowledge helps hackers. It narrows the guessing by many orders of magnitude.
Most identity theft happens like this:
“Hi this is Apple support, how can I help you today?”
“Hi, I have a problem. My husband and I are divorcing and he has all the passwords to our accounts. I need access to my Apple account to change the credit card number.”
“Oh, I’m sorry to hear that. I’m just going to ask you a couple of security questions. Are you ready?”
<keyboard clicking sounds>
“What was your first job?”
“Uh, it was at Starbucks. A barista.”
“That’s right. And where did your mother and father meet?”
“In the same city as I was born, Red Deer.”
“That’s correct. I’ll send a temporary password to your email.”
“Okay, but please use firstname.lastname@example.org.”
And you posted the answers online.
Facebook, Twitter, Google, Instagram, etc. all have some work to do, but stop making it so easy for the bad guys.
If you absolutely must fill out ridiculous Facebook polls, quizzes, games, etc., all designed specifically to get you to hand over personal data, then at least use something else for your security questions.
When I fill out security questions, I record the answers in my KeyPass database along with the password. And I use answers which make sense but aren’t applicable to me. For example, if the security question is “What was your high school mascot?” I may use “Scooby Doo” or “Cyclops.” The program doesn’t care if the answer is true, just that you can respond with the correct one if asked.
Finally, don’t be afraid to use Facebook or social media in general; just make sure what you’re sharing is of interest only to your friends and family.
And never forget, if you aren’t paying to use it, you’re paying for it with your use.