The top trending topic on Twitter the other day was #twitterpornname. This seemingly innocent meme prompts you to find your Twitter porn name by combining the name of your first pet with the street you grew up on, or some variation. Thousands of people began shouting out this information on their Twitter profiles.
At this point, little red flags may be going off in your head if you realize that another place you may have seen these questions is... the security questions for your online bank account! "The name of your first pet" and "the street you grew up on" are common security questions asked by many websites, and probably you've signed up on a few websites that have asked you these.
This meme quickly caused people to seriously think about online security. On one hand, you have people freely giving out the answers to their security questions for their online banking accounts, their student email accounts, etc.
On the other hand, you have businesses treating this information as if you are the only one who could possibly know it. The whole point of a password is that nobody knows it except you. If I log in to a website and provide my password, the website can be reasonably sure that it is really me logging in. When security questions can be used to reset a password, you'd better be sure that nobody else knows the answers to the security questions.
Why, then, do businesses assume that you are the only one who knows the answers to "what street did you grow up on" or "what is your mother's maiden name"? Surely you can think of a few other people in your life who know the answers, because they grew up with you, or they are related to you.
So while it's generally a bad idea to give out the answers to your security questions on Twitter, there is really a bigger issue here.
Note: You may have arrived at this post because you saw my tweet which included my SSN and credit card number. Be assured: this was not my actual SSN or CC#. I was making fun of the fact that people give up personal information so easily.
