UW professor: ‘10 concerts’ Facebook meme may reveal answer to security questions

by: KIRO 7 News Staff


If you’ve opened your Facebook app recently, your feed has likely been flooded with statuses of your friends posting “10 Concerts I’ve Been To, One is a Lie.”

A meme prompted the engaging challenge, in which people ask their friends to comment on which concerts they actually attended.

An illustration of the “10 Concerts I’ve Been To, One is a Lie” poll that trended on Facebook.

But national security and information experts – locally and nationally – warn it could be a threat to your online privacy and security.

University of Washington crisis information professor Kate Starbird sent out a tweet on Friday morning explaining that many security questions ask users to submit their first concert as an answer.

Additionally, privacy experts caution that the “10 concerts” poll could reveal too much about a person’s background and preferences, and that it sounds like a security question.

Michael Kaiser, executive director of the National Cyber Security Alliance, called the threat moderate. He told The New York Times that the poll is similar to other quizzes on Facebook, and that the answers can reveal specifics about someone’s upbringing or culture.

Despite others’ warnings of risk, Alec Muffett, a software engineer and security researcher, suggested that password protection for security questions begins with what users submit.
 
“The usual aphorism is: ‘Your password should be secret, but ‘secrets’ make really bad passwords’ — especially when they are just discoverable or guessable facts.”

Security experts advise that it’s best to make up an answer to your security question, rather than give a truthful one that could be easily obtained.