If you want security, lie to me
We’re all honest and good people… well, at least most of us are. From a young age, we’re taught to always tell the truth and to never lie. However, our inherent honesty can be our own worst enemy when it comes to cybersecurity.
We use our real names on sites, we upload our photos and share our holiday plans. Now, I’m not advocating that we create a fictitious life online and don’t share anything. But it’s important to be mindful of what we do share online, particularly on public forums.
So, whenever you share something publicly, ask yourself if you actually need to be completely truthful and transparent. For example, whenever school starts for a new year, many parents post smiling pictures of their children in their full uniform. Anyone can use that information to find your address. They now know your children’s names and ages, and which school they go to. If you really want to share the sentiment, maybe consider posting a photo of just their school shoes and a short message about how you’re happy that your 35th favourite child is on their way to school. Those who know will know, and those who don’t, well, it’s none of their concern.
But that’s more about being open and transparent, what part of it should you lie about for greater security? I’m glad you asked.
The question becomes a legal one, and not one that I’m qualified to answer for everyone. But the main thing to consider before handing over any information of any kind is, “Am I legally obliged to tell the truth?” You’ll find that very few things on the internet actually require the truth, so, it makes sense to lie, or at the very least, bend the truth a little bit.
When signing up for a platform, do you need to use your real name? If not, then make one up, or maybe just change the spelling of your name slightly. There’s pretty much no need to include your full name, and this includes any previous names.
Perhaps the most important part where I fully advocate lying is in those forgotten password fields. They are sometimes referred to as security questions and contain classics such as, “What was your mother’s maiden name?” “the street you grew up on,” or “the colour of your eyes.” Not only are these bits of information easy to get a hold of for any determined attacker, but there is absolutely no value in you providing the correct answers. In fact, treat those as you would treat a password. So, where it asks for the street you grew up on, simply reply with, OIJa3FNbby%#%((^jkdm42.
This is another reason why it’s good to invest in a reputable password manager. Not only can you save your actual passwords in it, but you can securely save all these generated answers, and any other distorted facts you may have associated with each profile.
Spreading just a little disinformation about yourself can be enough to throw automated attacks off the scent and frustrate human attackers to the point where they’ll move on to another target.
*** This is a Security Bloggers Network syndicated blog from Javvad Malik authored by j4vv4d. Read the original post at: http://feedproxy.google.com/~r/J4vv4d/~3/45rzOx8MJ8c/
