A birthday isn’t something you might think of as private information. Almost everyone celebrates them on social media, and quite a few people post them on their profile.
That’s a horrible idea and here’s why.
It’s Probably One of Your Security Questions
Along with the model of your first car and your mother’s maiden name, your birthday is likely to be one of the most common question asked on most websites.
Security questions are notoriously bad. They’re likely the cause of most social media “hacks” online.
The fault is in the password recovery systems. They’re designed for you to be able to reset your password easily, but they often make it easy for hackers to do the same.
Brute-forcing passwords isn’t common anymore. Most “hacks” rely on data breaches or terrible security questions.
Like your birthday. It’s a wonder that it’s even still an option for the already insecure “security question protection” since it’s must easier for a hacker to find out your birthday than “the street you grew up on.”
Since it’s also one of the simplest and easy to remember questions, it’s probably picked quite often. That’s an issue because many people leave it publicly posted on their profile.
Even if your birthday isn’t the answer to an actual security question on your account, it’s still information that a person can use when they try to obtain access to your account through other means, like calling your service provider and pretending to be you.
It Functions as Your Password Sometimes
When I upgraded my phone at a Verizon store, they asked me for two things: my phone number and my birthday. Nothing else. They then proceeded to switch my entire phone line over to a new device. That’s a problem because those two easily-accessible numbers present an obvious attack vector against two-factor authentication.
Two-factor authentication is a great way to enhance security. It’s also used often for account recovery, as nobody should have access to a device in your pocket except you. But if someone can virtually steal your phone number just by knowing your birthday, it compromises any service that relies on it.
How many times have you been asked your birthday to verify something? This problem of “birthday-as-password” is prevalent in a lot of places. It makes sense: everyone has a birthday, so it’s easy to remember.
P.S. It Also Helps People Guess Your Social Security Number
If you were born in the USA, people can use your birthplace and date to guess your social security number.
Social security numbers were linked to birth location up until 2011 when randomization began, so everyone born before then has a more predictable social security number.
(Image Source: iCLIPART)