Forgot Your Password? A Hacker Might Reset It For You
This just in: hackers know the name of your dog.
You know those security questions that websites ask you when you forget your password? It turns out those aren’t very secure, and hackers know it. When you think about it, it makes sense: it’s easier to guess someone’s favorite color or dog’s name than it is to guess a password that could be 8-20 characters, case-sensitive, and laden with symbols. And in this era of blogging and over-sharing, figuring out someone’s high school mascot could be as easy as reading their latest blog entry about their 10-year reunion. According to an article on MSNBC last week, personal trivia is getting less and less obscure, and it’s exactly that personal trivia that used to keep us safe from having our passwords reset and our accounts hacked.
MSNBC referenced a recent Scientific American study to show how unsafe our security measures are. The chief security strategist of People Security, Herbert Thompson, tried an experiment to see how easy this sort of hack really is, and he amazed even himself. With just a few quick actions (and with permission to try his experiment), he made his way into an acquaintance’s bank and email accounts. In the article, he describes the process he went through, step by step, and makes the point that it’s not really hacking, but rather mining the Internet for data that’s already out there to be had. “I share it here because it represents some of the common pitfalls and illustrates a pretty serious weakness that most of us have online,” he said.
Think your data isn’t out there for the taking? Think again. Entire databases of information such as people’s dog’s names can be bought for $15, according to MSNBC. A lot of this information actually comes from phishing emails that collect data under false pretenses (see our earlier articles on how to avoid the pitfalls of phishing). And while hacks of this nature haven’t become commonplace just yet, more and more attention from both criminals and researchers is turning that way. A rumor went around for a while that even Paris Hilton was a victim of this hacking method; the rumor claimed that her dog’s name (which was easily found because of her very public persona) was used as the means by which hackers accessed her cell phone in 2005 (this rumor was later debunked, but attention was drawn to the “forgot your password” hacking method). Even the government can work against us in these circumstances, as mothers’ maiden names can be found in public records, and city statistics can indicate what the more common dog names in the area are.
Before any panicking ensues, remember that you can help keep your information secure. You can start by not using the security questions if you can help it; perhaps your bank offers other ways to reset your password, if you ask. If you must still use the same security measures, though, consider being sneaky on YOUR end. For example, just because your dog’s name is Max doesn’t mean you have to enter it as Max… You can enter it as Rub1×50!. Of course, you’ll have to write down your fake security answers and keep them someplace safe (like a lockbox, NOT your wallet), but you’ll be able to rest assured that a hacker won’t simply guess the answers from what they’ve read about you on Facebook.
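If you would rather not invent fake answers by hand, the short Python script below (an added example, not from the original article or its sources) generates a separate random answer for every site and question, and compares how hard it is to guess against a truthful answer picked from a short list of common names. The site names, questions and symbol set are made up for illustration.

```python
import math
import secrets
import string

# Characters used for generated answers. The symbol set is an assumption;
# trim it if a site rejects some of these characters.
ALPHABET = string.ascii_letters + string.digits + "!#$%*+-=?@"


def random_answer(length=16):
    """Return a random answer drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def answer_bits(length=16):
    """Guessing entropy, in bits, of an answer from random_answer(length)."""
    return length * math.log2(len(ALPHABET))


def guessable_bits(candidates):
    """Entropy, in bits, of a truthful answer that an attacker can narrow
    down to `candidates` equally likely values (e.g. common dog names)."""
    return math.log2(candidates)


def build_answer_sheet(questions, length=16):
    """Give every (site, question) pair its own random answer, so learning
    one answer does not help with any other account."""
    return {pair: random_answer(length) for pair in questions}


# Constructed sample input: placeholder sites and typical reset questions.
SAMPLE_QUESTIONS = [
    ("bank.example", "What is your dog's name?"),
    ("mail.example", "What was your high school mascot?"),
    ("mail.example", "What is your mother's maiden name?"),
]

if __name__ == "__main__":
    # Print the sheet once, write it down, and store it somewhere safe.
    for (site, question), answer in build_answer_sheet(SAMPLE_QUESTIONS).items():
        print(f"{site:14} {question:36} {answer}")
    print(f"Random 16-character answer: {answer_bits():.1f} bits")
    print(f"Dog name from a list of 100: {guessable_bits(100):.1f} bits")
```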
Sources for this article: MSNBC, Scientific American, Yahoo! News
