If you’ve opened your Facebook app recently, your feed has likely been flooded with statuses of your friends posting “10 Concerts I’ve Been To, One is a Lie.”
A meme prompted the engaging challenge, in which people ask their friends to comment which concerts they truthfully attended.
But national security and information experts – locally and nationally – warn it could be a threat to your online privacy and security.
University of Washington crisis information professor Kate Starbird sent out a tweet on Friday morning explaining that many security questions ask users to submit their first concert as an answer.
Additionally, privacy experts caution the “10 concerts” poll could reveal too much about a person’s background and preferences and sounds like a security question.
Michael Kaiser, executive director of the National Cyber Security Alliance, called the threat moderate. He told The New York Times that the poll is similar to other quizzes on Facebook, and that the answers can reveal specifics about someone’s upbringing or culture.
Despite others warning of risk, Alec Muffett, a software engineer and security researcher, suggested that password protection for security questions begins with what users submit.
Muffett said, “The usual aphorism is: ‘Your password should be secret, but ‘secrets’ make really bad passwords’ — especially when they are just discoverable or guessable facts.”
Security experts advise that it’s best to make up an answer to your security answer, rather than a truthful one that could be easily obtained.