fbpx
password security
Where were you for the start of the millennium?
What was the model of your first car?
What’s your royal wedding guest name?

It’s all good fun, right? These kind of posts often go viral. We share some fun facts about our lives, our friends do it too, we all learn something new about each other. We interact, find common ground, find things to talk about. It’s got nothing to do with my password.

The last one is particularly fun. When we combine information like this we can come up with some hilarious names. Look at some of the answers, they are great:

Combining your grandparents name, first pets name and street you grew up on gives some funny results.

It’s just a bit of fun. It’s harmless information. The information itself has no classification – it’s not a secret, it can be freely shared, there’s no harm done.

But wait – what’s this?

Office 365 Password Reset Security Questions
Microsoft Azure default security questions

That’s the list of default security question to enable self-service password reset in Microsoft Azure AD. Microsoft Azure AD is the authentication service for Microsoft Office, which might be your email system. Or, it might be your work email system. If you look through that list, you’ll see “maternal grandmother’s name”, “street you grew up on” and “name of first pet”.

Always Networks’ customers will always be configured to use additional information other than security questions for password resets, to mitigate this.

So, by coming up with your hilarious Royal Wedding Name, you’ve inadvertently posted the answer to three of your security questions online.

Social Engineering is a real threat. It’s one of the most common ways to obtain access to systems. It comes in many forms, from phoning you up pretending to be your ISP, to turning up in person pretending to fix the water cooler, to putting “fun things” online to get you to divulge information.

The three examples referenced above are certainly not intentional social engineering attacks. The next one you fill out might be though. And whether it was intentional or not, the fact stands: the information is in public.

It’s not hard to use a search engine and collate information about someone. Within an hour, you can search through a persons Twitter, Facebook, LinkedIn, Instagram, and anywhere else they have a presence. You put your first car on one day, then three months later the street where you grew up, six months later your first school. All of this information is still there, and can be found and collated.

Once someone has all that information, there are plenty of places you may have used it. What’s your memorable word for your bank?

Think about what information you share online.

We know technology can be a bother, and that’s why we are here to help with all your IT needs, no matter how big or small.

Our goal is to make sure that your business has a reliable infrastructure in place so you can focus on what matters most – running your company! 

So if you need any help at all, book a 15 minute discovery call with one of our experts today. We’ll be happy to lend a hand! 

Select Service

Discovery Call 15 minutes
Free

Select time

Select a service and date to see available times.

Tell us who we are meeting

Can we have a heads up on roughly what you want to talk about please?

Initial consult

Duration: 1 hour
Not sure what you need? Grab 60 minutes with us and we will work with you to understand your goals, and to develop a proposal and price estimate.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Design

NAT: Demystified

What is NAT? NAT stands for Network Address Translation. It’s a method used for changing addresses in transit. Before we get too far into that,

Read More »