July 12, 2008It's Tough to Be Opaque on a Transparent Internet
Several days ago, I posted about someone apparently trying to hack into my Apple ID account. Today there was a more directed attack, as I received a notice from Apple (yes, a real, unphishy notice) that someone had made too many invalid attempts to answer my account's security questions.
Security questions come in all shapes and sizes. Typically, they ask you to enter your favorite this or that. On the one hand, you want to choose questions that have answers you'll remember three years from now; on the other hand, you don't want to supply answers that everyone on the planet knows. For instance, Charlie Brown might be tempted to select the "favorite pet's name" question because he'll know to answer "Snoopy" even when approaching senility. But everyone on his block also knows that answer because it's something widely known—including to a worldwide audience who reads the cartoon strip (blog precursor). Charlie must either choose a different security question, concoct a memorable (but undiscoverable) system for weaving numbers into the letters of the name, or intentionally submit a radically different name to throw off the thieves. Snoopy's relatives aren't candidates because they, too, are known and would be guessed by crooks.
With so many social networking and personal web sites on the Internet these days, it's all too easy for trusting souls to reveal everything they like—their favorites, their coolest vacations, their house paint colors—to try to hook up with like-minded people. Unfortunately, it can be dangerous to use this kind of public information to try to secure something as valuable as your various internet accounts.
And to the clown who's trying to get into my Apple ID account, I repeat that my web site writings, books, and Usenet postings dating back to the Stone Age offer no clues to my secret questions and the strings of characters used for answers. Allow me to offer you the words of Bender Bending Rodríguez: Bite my shiny metal ass!Posted on July 12, 2008 at 02:27 PM