Blaming Users for Stupid Security Schemes

CNN’s Scott Andrew wrote a story advising people to not share old photos on Facebook.

In an act of social media solidarity with high school seniors who are finishing out their final semester at home, Facebook users are sharing their own senior photos with the hashtag #ClassOf2020.

It’s a sweet sentiment, sure, but beware: Your post could help potential hackers crack into your private accounts, according to the Better Business Bureau, a nonprofit that tracks, among other things, internet scams.

Malevolent scammers can scan sites for this hashtag and find the name of your high school and your graduating year — two common online security questions. And if your social media account isn’t locked up, they can find out a lot more about you.

So before you share, the bureau suggests you tighten your security settings so strangers can’t find your information as easily and regularly change the security questions you use to access online banking and other services.

This gets the issue completely backwards.

The problem is not that people share photos of senior photos online. That is a completely normal, human thing to do. For many of us, our senior photos have been online for years due to other people uploading scans of our yearbooks.

No, the problem here–and the one that really deserves more coverage–is that banks and other businesses continue to insist on using security questions to protect accounts in 2020.

There is zero security in security questions, and it should be a scandal that so many institutions still force customers to use them.

Leave a Reply