Recent breaches of internet security bring us to question just how safe the traditional secret question is and also if biometric scanners are any better. Secret questions are typically used when a password is forgotten as a way to identify the account user, but they do present a certain security risk. The biometric fingerprint scanners found on the newer Apple iPhones also raise questions of safety when used as part of login procedures.
The “hackers” who stole and released
photos of celebrities last month gained access to the celebrity iCloud accounts
through the secret questions. To login to iCloud, Apple only asked for an Apple
ID, a birth date, and a few secret questions about the celebrity users. The
“hackers” answered these questions by guessing and googling the answers.
Breaking into someone’s account requires so little information of that person;
it’s hard to believe the process is still being used (Dewey, 2014).
Having your account hacked through
the secret question is a problem; having someone steal fingerprint data used
for login could be a nightmare. The more
applications of the fingerprint scanner there are, the more likely your
fingerprint data will be lost through careless data handling and storage
procedures. This opens the door to every other service associated with that user’s
fingerprint rather than just the one account (Baraniuk, 2013).
The ability to easily crack secret
questions and the unsettling thought of someone taking my identity through my
fingerprints make me wonder what changes companies could make to better secure
my online accounts.
References
Baraniuk, C.
(2013). End of anonymity. (Cover story). New Scientist,
220#(2940), 34-37.
220#(2940), 34-37.
Dewey, C. (2014,
September 03). This is how easy it is to hack someone’s iCloud with their
security questions. Retrieved October 12, 2014, from
www.washingtonpost.com: http://www.washingtonpost.com/news/the-intersect/wp/2014/09/03/this-is-how-easy-it-is-to-hack-someones-icloud-with-their-security-questions/