Find a Review
Locate wireless services by a specific address, city, state, country, airport, or zip code.
- Get tech advice from thousands of PC World Members
- Rate and recommend the latest tech products
- Share your thoughts in blog and article comments
- Get free excerpts and exclusive discounts on Super Guides
Sites' Personal Questions May Pose Security Risk
Asking about your mother's home town is supposed to help legitimate sites protect your online accounts--but experts say hackers know more about you than you might think.
Paul F. Roberts, PC World
What did your maternal grandfather do for a living? What was your high school mascot's name? Your first pet's name?
If you have an online account at a retailer like Amazon.com, you've probably run into such questions when opening an account or when trying to recover one of the dozens of passwords you juggle in your head. Online businesses everywhere have embraced the technique, which is called knowledge-based authentication.
Theoretically, the answers to these questions are so personal and obscure that knowing them proves you are you. Experts say, however, that the technology could end up helping hackers compromise your online accounts more easily.
Knowledge-based authentication doesn't replace user names and passwords; it's an extra layer of security on top of such schemes, since hackers who stumble across your log-in credentials won't easily figure out the name of your high-school sweetheart. Collecting log-in information and answers to secret questions from your computer requires keylogging software, making it harder for malicious hackers to triumph.
Phishers Get Close to Home
Jon Fisher, whose firm, Bharosa (acquired by Oracle last year), develops questions for companies to use, says knowledge-based authentication adds a step for account access. "Phishing both those pieces of information is fairly sophisticated."
But scammers have adapted, adding secret questions to their decoy pages, says Lance James, CTO of fraud research company Secure Science. Bank phishing sites may include their own fraudulent drop-down lists that capture people's answers, which bad guys can then use to hack real accounts.
Even when hackers don't resort to subterfuge, these nuggets of information can be easier targets than passwords. Mark Burnett, author of Hacking the Code, has observed that seemingly random questions such as "What was the make of your first car?" have a narrow list of answers--in the case of autos, 38 major makers--that hackers can use to try to break into an account, versus a vast multitude of password combinations.
HP Ink CenterBring improved color and brilliance to your printed material. Visit the Resource Center for more info...
CDW Solution CenterDeliver speed and scalability in your storage systems. Find out how at the CDW Solution Center.
Asus Notebook CenterUltra-fashionable thin and light notebooks with SmartLogon Face Recognition. Find out more at the Asus Resource Center.
Centrino, Core 2 Duo, Core 2 Quad, Core 2 Extreme? Check out the Intel Technology Center for more info...
Visit the Intel's Gaming section for the latest downloads, hottest gaming events and to learn about Intel & Gaming.
Discover how Windows Vista technology work in the benchmarks with Intel Centrino processor technology. 
Join Altigen for a Live Web Demo and learn how VoIP technology can improve your business communications. The Future Sales Force - A Consultative Approach
This white paper discusses the challenges of selling complex products and services, and the new skill sets sales professionals must employ.
PC World's Marketplace
PC World's Free Whitepapers
tech news tech blogs community & forums laptop prices software reviews downloads
