Security Questions Aren’t Very Secure When Your Whole Family Knows The Answers

Image courtesy of (i.Chrs)

If you’re a forgetful person or have too many accounts to keep track of, the ability to reset an account password by typing the answers to a few questions about yourself can be a lifesaver. But there’s a dark side, too: it leaves you vulnerable to social engineering. Or having your Amazon password reset by your 94-year-old dad.

Perhaps you remember when then-Governor of Alaska and vice-presidential candidate Sarah Palin had her e-mails exposed when someone used biographical information available to the public to access the Yahoo Mail account she used for routine correspondance. Even if you aren’t a nationally prominent politician who tells reporters over and over again where you met your spouse, there is someone out there who knows where you met your spouse, your father’s middle name, and the name of your first pet. Your relatives.

We are kind of impressed that reader Eric’s grandfather thought that this Kindle thing looked pretty neat and wanted to give it a try. Way to keep up with technology! Unfortunately, he did so by resetting the password of his mom’s Amazon account, then promptly forgetting what he had changed it to.

About six months ago, my mom called me and mentioned that she was not able to access her amazon movies through her Roku and could not buy anything on her Kindle. She had also received a few books she hadn’t ordered. I told her to call Amazon and change her password, assuming that she had been hacked.

What they told her boggles the mind. A little back story- 4 years ago, on a visit to her dad’s, he had seen her first gen Kindle and liked it so she gave it to him and later bought herself a newer model. Apparently, her 94 year old father had recently tried to buy a book on the Kindle, and being her father had been able to answer enough security questions to change the password and buy the book. Being 94 years old, he immediatly forgot whatever he changed it to.

The upshot, however, is that now she is locked out of her account. Grandpa, while wiley enough to change the password once, can’t figure out how to fix it from his end. Several calls to amazon got her a new account to use, but all her books and movies associated with the old account are, according to Amazon, lost forever. Everyone she has spoken to has been quite sympathetic, but cant seem to figure out a way to fix her account. Anyone out there have any idea who we should be talking to to get her put back together?

As we suggested a few years ago, the best way to avoid this kind of thing is to make up answers, but stay consistent. Always transpose your first kiss and your first pet, say.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.