Lesson:
Yahoo Security Questions
- Course: Cybersecurity 101 for HR Pros
- Module: Real World Lessons
- Lesson Type: Video
- Lesson Duration: 2:36
Lesson Content
In the concepts section, I referenced two attacks on Yahoo over the last few years. When attackers accessed the user data for 1 billion Yahoo accounts, they were able to obtain names, email addresses, telephone numbers, dates of birth, hashed passwords, and “encrypted or unencrypted security questions and answers.”
That’s a lot of personal information on a lot of people to take in one sweeping attack. With a breach like this, one of the first things to consider is: “Is the damage contained to this service?” When a company loses factual data about who you are, it can aid someone trying to steal your identity. And factual information is problematic because, unlike usernames or passwords, you can’t change that information if you feel threatened online: it is a part of you and your history.
Of all of the data points stolen, one of the most concerning to me is the security questions and answers. Security questions are something that give many people a false sense of safety while undermining their ability to protect themselves from identity theft.
It’s important to ask yourself: why are they asking me to give answers to security questions? The reason is simple: they are an old-fashioned form of two-factor authentication.
The best way to prevent identity theft concerns when using security questions is simple: don’t answer the questions honestly. No company is checking to find out if you correctly gave them your mother’s maiden name or city of birth. They don’t need to know which high school you attended or the road you lived on during elementary school. Security questions and answers are just another layer of passwords. All that matters is that at some point in the future, during an attempt to authenticate your account, you’re able to give the answer that matches what they have on record.
Since so many sites and services ask the same or similar questions, a breach on one site can allow someone to take control of other accounts in your life. The rolling effect I have mentioned previously, where someone gains control of many accounts through a single breach, is my biggest fear for anyone online. This Yahoo breach could absolutely have been used to get into someone’s bank account, social network, cloud storage, or other deeply personal services.
The only way to counter this kind of breach is to give different answers to every site that asks security questions. Since this is just another password, use the kinds of random password generation I covered previously, store the answer in a password manager, and move on without worrying about it. The key is to understand that nobody is checking on the answer, and you are free to give it any response you like.
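The advice above, as an added example that is not part of the original lesson: a short Python script that audits a set of stored security answers for reuse across sites and replaces the reused ones with random answers. The site names, questions, word list and function names are all constructed for illustration, and the case- and space-insensitive comparison is an assumption about how a site might match answers.

```python
import secrets
from collections import defaultdict

# Small constructed word list for illustration; a real generator would draw
# from thousands of words so that each answer is much harder to guess.
WORDS = ["amber", "bison", "cedar", "delta", "ember", "fjord", "grove", "heron",
         "ivory", "jolt", "kelp", "lunar", "maple", "nylon", "onyx", "plume"]

def normalize(answer):
    """Compare answers ignoring case and spacing (assumed tolerant matching)."""
    return "".join(answer.lower().split())

def find_reused_answers(vault):
    """Return {normalized answer: sorted sites} for answers used on 2+ sites."""
    sites_by_answer = defaultdict(set)
    for (site, _question), answer in vault.items():
        sites_by_answer[normalize(answer)].add(site)
    return {a: sorted(s) for a, s in sites_by_answer.items() if len(s) > 1}

def random_answer(n_words=5):
    """Random answer unrelated to you, still easy to read out over the phone."""
    return " ".join(secrets.choice(WORDS) for _ in range(n_words))

def replace_reused(vault):
    """Give every entry that shares an answer with another site a fresh one."""
    reused = find_reused_answers(vault)
    fixed = dict(vault)
    taken = {normalize(a) for a in vault.values()}
    for key, answer in vault.items():
        if normalize(answer) in reused:
            new = random_answer()
            while normalize(new) in taken:  # keep every answer unique
                new = random_answer()
            taken.add(normalize(new))
            fixed[key] = new
    return fixed

# Constructed sample: the same honest answer given to two services.
vault = {
    ("mail.example", "Mother's maiden name?"): "Smith",
    ("bank.example", "Mother's maiden name?"): "smith ",
    ("cloud.example", "City of birth?"): "Springfield",
    ("bank.example", "City of birth?"): "Harbor Town 42",
}

if __name__ == "__main__":
    print("Reused:", find_reused_answers(vault))
    for (site, question), answer in replace_reused(vault).items():
        print(f"{site:14} {question:24} {answer}")
```

The replaced answers belong in the password manager entry for each site, next to the question they answer.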
I expect security questions to disappear as a form of security in the coming years, but until then it’s crucial that you understand why they exist, and how best to use them when required while staying safe and protecting your identity.

Instructor:
Michael Wilson
Michael Wilson works with small businesses to build and protect their brands online. He is an IT Generalist whose primary services include: Web Design & Development, Cybersecurity Consulting & Training,...