Stupid Security Questions

I’ve always had a problem with security questions asked by banks and other financial institutions. For one thing, these security questions are not really that secure: the answers are easy to guess or reverse engineer. In 2008, the Republican vice-presidential candidate, Alaska Governor Sarah Palin, had her email hacked by someone guessing the answers to her security questions. From a Wired report on the email crack:

The Palin hack didn’t require any real skill. Instead, the hacker simply reset Palin’s password using her birthdate, ZIP code and information about where she met her spouse — the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.

Recently, it was reported that President Obama’s Twitter account was hacked by guessing the security question used by the password recovery system. These types of ‘hacks’ require no computer science degree, computer security expertise, or black hat hacking skills. This is the sort of ‘hacking’ that an ex might find themselves doing on your Facebook account. I would not put a lot of blame on curious kids with a lot of time on their hands and an internet connection; I put the blame on the enterprise software architects who put stupid and weak security systems in place.

At first, security questions consisted of naming the town where you were born, or the maiden name of your mother. Then they progressed to the name of your third grade teacher, then the last name of your fifth girlfriend, then to where you were during the 1989 Loma Prieta earthquake, and they have gotten worse since then. Here are some security questions I found myself forced to answer.

  • Who was your childhood hero?
  • What is the first and last name of your first boyfriend or girlfriend?
  • Which phone number do you remember most from your childhood?
  • What was your favorite place to visit as a child?
  • Who is your favorite actor, musician, or artist?
  • What was the last name of your third grade teacher?

The problem now, with the current trend of security questions, is that even I don’t know the answers to them, or that their answers might change over time. Try to answer any of the above security questions five years from now and you might sound like the following… “I liked both Spiderman and Wolverine, but I might have answered Superman. I liked Britney Spears then, but not as much as Miley Cyrus, but wasn’t Lady Futura big then.”

I think that security questions are neither secure nor practical. They are an annoyance for users and highlight security flaws in computer systems.

Here is a list of security questions considered good. Notice that they all suffer from the issues outlined here: they are either easy to guess or easy to forget.

  • What was your childhood nickname?
  • In what city did you meet your spouse/significant other?
  • What is the name of your favorite childhood friend?
  • What street did you live on in third grade?
  • What is your oldest sibling’s birthday month and year? (e.g., January 1900)
  • What is the middle name of your youngest child?
  • What is your oldest sibling’s middle name?
  • What school did you attend for sixth grade?
  • What was your childhood phone number including area code? (e.g., 000-000-0000)
  • What is your oldest cousin’s first and last name?
  • What was the name of your first stuffed animal?
  • In what city or town did your mother and father meet?
  • Where were you when you had your first kiss?
  • What is the first name of the boy or girl that you first kissed?
  • What was the last name of your third grade teacher?
  • In what city does your nearest sibling live?
  • What is your youngest brother’s birthday month and year? (e.g., January 1900)
  • What is your maternal grandmother’s maiden name?
  • In what city or town was your first job?
  • What is the name of the place your wedding reception was held?
  • What is the name of a college you applied to but didn’t attend?
  • Where were you when you first heard about 9/11?

Another trend that I have noticed is that financial institutions and credit companies have a lot of private data on you and other prospective borrowers. So they don’t need to ask you such security questions; they can generate their own and match your answers against the years of paper trail and data fingerprints they have on you. If you call your bank in the near future, don’t be surprised if they ask you who you lost your virginity to.

Subscription Model Fail Whale

Users naturally get upset when someone pulls a bait and switch and puts in place a subscription model on what used to be free content. Building a community and building a business around a community are not the same thing. This is especially true when a community organically develops around a previously free model. People invest their time and energy in the community, but as soon as a pay wall goes up the social contract gets replaced with a bottom line. I understand that people need to make money, we don’t live in communist Russia, but let’s not forget that communist China is the fastest growing economy.

Andrew Warner, the founder of the startup and entrepreneurship focused site Mixergy, changed his site so that content older than a week is only available to paid subscribers. There is nothing wrong with making a buck, and I am sure he will do okay, but by making a quick buck we actually short our users. Funny enough, Andrew has interviewed dozens of successful entrepreneurs who have built successful businesses by providing free content as a platform to springboard their business.

Leo Laporte has built a podcasting empire with shows like This Week in Tech, MacBreak Weekly, Security Now, FLOSS Weekly and many more. Leo’s podcasts are ad supported and he has spent a lot of time making sure the ads are relevant to his audience. Another example, and another entrepreneur whom Andrew has interviewed, is Gary Vaynerchuk. Gary started out by making video reviews of wines for his blog. The video reviews were free but they were also presented and sponsored by his real business, Wine Library. Gary has now moved on to write a book, Crush It! A similar story can be told of Seth Godin. Seth writes freely available essays on his blog and writes a large number of books based on his writing. Seth has also “spun off” several online businesses. It is important to make the mental distinction that the free blog, podcast, or essays are distinct from the paid service, product, or business. You don’t monetize your community by slapping a price tag on them.

Newsday recently learned that putting up a pay wall around your content does not lead to immediate success. Newsday is a half a billion dollar business and recently made the move to make their online content accessible only to paid subscribers for a $5/week subscription. It is reported that after three months Newsday was able to sign up a mere 35 subscribers. I know Andrew will fare better than Newsday, there are a lot of passionate startup founders and entrepreneurs, but the complete and utter failure of Newsday is worth noting. A subscription model for web content is not an original idea. It is not a purple cow, it will not help you go viral, and it introduces money into the equation, and money comes with a different expectation.

10 Ways to Make Your Boss Love You

Here is a draft post that has been waiting to be published. The October 2009 issue of Smart Money had a short list of top 10 Ways to Make Your Boss Love You. I think these are still applicable now.

  • Put in the hours-when it counts.
  • Empathize
  • Defuse a bad situation
  • Be a conduit
  • Ask for help
  • Connect the boss’s way
  • Show initiative
  • Be positive
  • Make like mini-me
  • Get your face time

Free Million Dollar Business Ideas

I just don’t have the free time to execute on every million dollar idea I have, so I am giving some of my million dollar business ideas away for free, royalty free, as in free beer and freedom! With the right entrepreneurial attitude, you can take these ideas to profitability.

Product Placement in Books – Advertisers invented soap operas just to advertise soap. Baseball cards started off as a marketing gimmick for cigarettes. Now, ads are as pervasive as the air we breathe and they pay for a lot of the content we normally consider free. But people don’t like to sit and watch ads, or billboards, or commercials, so advertisers have developed product placement ads in movies, video games, and hip-hop music. One medium that has not been monetized is the book industry. Imagine classics with product placement from companies contemporary to the time the book was written. Pride and Prejudice with a supplemental chapter or two dedicated to the products and services of the British East India Company! In this fashion, your company can be immortalized in literature. There is a business opportunity for the right marketer to embed ads for your products or services in fiction. For example, imagine the next Danielle Steel romance book being sponsored with embedded ads by K-Y Yours + Mine Couples Lubricant that are part of the storyline.

Be a Pioneer – You might be asking yourself, how can I be a pioneer if the West has been won? By pioneer I don’t mean for you to settle out West in some homestead, I mean be a social media pioneer. How about this for a case study: Tila Tequila was one of the earliest pioneers on MySpace. As an early user of MySpace, Miss Tequila was able to monopolize her network into a platform to launch a career. Okay, I know what you are saying, “Tila Tequila has a career.” Twitter has provided a number of examples where early Twitter adopters that leveraged the power of friends and followers have done well for themselves. Zappos, the online retail store, has made it public that it has a Twitter course for new employees. To be clear, be a pioneer and leader in any new and upcoming social media community. The truth is that you can’t predict which new social medium will gain traction or momentum, or when, but the cost of entry is usually small. And, as an early adopter, you will get online cred for reaching out to your customer base in new forms and fashions! Just think of it this way, you can’t be first in your industry to have a web page, but you might be the first to have a Twitter account! Monopolize your lead in new social forums to your competitive advantage.

Universal Order Number – A Universal Order Number is printed on your receipt at a restaurant, which you can use online to look up, for example, a drive through order and to make a specific complaint, such as that they forgot an order of fries. This can be used as a marketing and customer service feature where you can get promotional material based on your recent purchase or where you can complain about missing items. This can also be used to generate customer service reports, as part of surveys for new product trials, or to provide health tips about the food purchased. Of course you can group orders and see the lifetime of your purchases. This service would not be complete without the ability to automatically complain about or praise the service via integration with Facebook and/or Twitter.

Gender Specific Foreign Language Books – When a woman goes to a foreign country she needs a phrase book specific to her needs. A foreign language phrase book for women would help with translations such as: What size is it? Does it come in black? Do you have size 10?

Rating Service Bureau – One of the best business ideas I have seen, next to credit card companies, is rating service companies. For example, there are companies that rate bonds and other investment vehicles. There are service companies that rate individuals’ credit histories. In theory, you can rate anything. You can rate different cell phone plans, the quality of different bottled water companies, or travel packages. Rating companies such as Standard and Poor’s and Energy Star have become such de facto rating services for their industries that they have become a focal point in the economic recovery and the green initiative, respectively.

Insurance – Insurance is a great business idea. Insurance is like a tax, you can always come up with a new one. You can create new insurance policies, such as child support insurance to cover the probability of your baby’s daddy being a deadbeat. You can create a new insurance policy for the probability that people will lose their health insurance. You can insure anything; it is like Vegas, except you pay people not for winning but for a bad event happening to them.

1-800 Directory – They say those who can’t do, teach. Well, those that can’t create content, aggregate. You can be an aggregator for a particular service, such as 1-800-flowers or 1-800-dentists. Imagine, 1-800-Plumbers or 1-800-strippers.

National Day – Make a national awareness day for something. Like National Hispanic Month, National Secretary Day, or National Payroll Week. Celebrate that day, bring awareness to a cause, and sell souvenirs, gift cards, and promotional material. Don’t forget to trademark the idea, terms, and images behind it.

Namespace Land Rush – One great idea is to build into any service a limited namespace. For example, only one entity can own the domain name Only one application can post an application on the Apple App Store for a given name. Only one user can have the Twitter @holla account. In addition to a namespace, develop the marketplace with the ability to buy/trade/sell this virtual limited resource.

Top 10 Most Powerful Women

The September issue of Forbes has The World’s Most Powerful Women top 100 list. Here are the top 10 women, according to Forbes.

  • Angela Merkel
  • Sheila Bair
  • Indra Nooyi
  • Cynthia Carroll
  • Ho Ching
  • Irene Rosenfeld
  • Ellen Kullman
  • Angela Braly
  • Anne Lauvergeon
  • Lynn Elsenhans

Business Owner’s Manual: Automate Decisions

As a business owner, the question you really want to ask is not “can my employees do more” but “how can I remove obstacles encountered by my team.” Ask not “can I give them more tasks” but “how can I give them more responsibility and visibility.” As it turns out, sometimes the business owner is the obstacle because she needs to approve every decision, whether it is a $20 or a $20,000 decision. A business owner can find ways to maximize employees’ output without having to resort to running a sweatshop… For example, you can always automate repetitive tasks or invest in upgrading technology to produce more product with less stress.

Children are Made of Advertising, Consumerism, and Debt

In the USA, children are made to be consumers. We grow up to believe that we need to buy new shoes if we want to be runners, that we need to buy a ticket at an amusement park to be amused, that we need to buy $100 college books to learn, etc. We live in a free country where everything has a price. We live in a free country but we don’t have enough free and open spaces. Strip malls have replaced the outdoors, movies have replaced oral storytelling, online communities have replaced our local communities, and we teach kids about sex education but not to love. Children are the perfect consumer bots. Advertisers target them, they are the perfect demographic, and they are the ones that will pay for it all. The allowance we give them, we borrow, and they will have to pay it all back with interest. They will also have to pay for grandma’s social security and grandpa’s Viagra. Children are made to be consumers, and we are going to make them pay for it.