What’s the Problem?
You’re Unknowingly Giving Your Accounts Away to Hackers
By now, most of us have some sense of what hackers do and why they do it. You have information or resources that hackers want, and they have designed systems and software to circumvent the security of your information or resources. And crafty hackers do more than find backdoors to sneak through: they leverage human psychology to create backdoors in ways that likely escape our awareness. So it’s up to us to learn how to spot these backdoors and keep them locked.
Creating Backdoors
Hackers Prey on Human Psychology
Human beings desire connection. We yearn to belong to intimate family groups and even extra-familial tribes (Winch 2020). This is part of the reason why social media can become so addicting: social media provides a vehicle to find connections, even if only for a fleeting moment. There is a certain sense of satisfaction—perhaps fueled by a dopamine hit (see Lieberman & Long 2019)—when we find common ground or share in experiences with folks on social media.
Take these seemingly innocent delves into generational and tribal connection vis-à-vis nostalgia (pictured below):
As of the time of this writing, roughly 2.1 million social media users found some form of connection by responding to this post to “[d]ate yourself by naming one concert you have attended.” The question asks us to “date ourselves,” so there is an explicit attempt at intergenerational connection. You think, “Yeah, this is my generation! I’m so old!” Someone replies, “Oh, you think you’re old? Are you old enough to have seen Led Zeppelin on their first United States tour back in ’68?” Then various macro-tribal units form around conversations such as this. It’s all about connection and good, nostalgic fun.
The trouble is that you’ve possibly given away the answer to one of the security questions your bank asked you to answer in order to protect your password from being changed.
“What was the first concert you attended?”
“Who is your favorite musical group?”
“What year did you go to your first concert?”
And so on.
The Big Takeaway
Keep Your Online Accounts Secure
As I wrote above, we all desire connection, and engaging in these little prompts on social media is one way that we can satisfy that desire. Hackers know this, so be wary about what kinds of personal information you divulge in public (and, frankly, “private”) spaces.
Ultimately, the single best thing you can do to keep your accounts secure is to enable two-factor authentication on every service possible, particularly on those accounts that are attached to sensitive informational or financial assets. Two-factor authentication lets a service essentially ask for two forms of identity: “Who are you?” (username & password) and “What do you have to prove who you are?” (your smartphone that reads your fingerprint or has a one-time passcode that changes every few seconds).
See my article “Two-Factor Authentication (2FA) and Keeping Your Online Accounts Secure” for more details on how this works along with my list of recommended services.