How Online Dishonesty Protects Your Identity
CREDIT: Jean Valley/Shutterstock.com
The venerable Ben Franklin is said to have written these famous words way back in 1777: "Honesty is the best policy."
He wasn't the first to say so, or the last. Since then, we've all heard the aphorism a thousand times as it's applied to everything from school work to job interviews to relationships.
But when it comes to cybersecurity and protecting your identity, lying is sometimes the best policy.
The Internet can't handle the truth
"I think [lying] is a really good idea," said Graham Cluley, senior technology consultant at the security firm Sophos, in Abingdon, Oxfordshire, England. "I know we were taught by our parents not to tell fibs.
"But it's okay to be less than honest when it's online, and when it's a website asking you a question like, 'What was the name of your first pet?' or the first street you lived on, or 'What was your mother’s maiden name?'" Cluley said. "Things that other people may be able to find out — in some cases, because they're part of the public record."
In such cases, why would you have to tell the truth? It's not as though those websites have ways of checking.
"So your mother's maiden name may have been Jones, but the website doesn't know that," Cluley said. "So you can quite happily type in, 'Xena, Warrior Princess,' or whatever you want to put in."
Beth Jones, a senior threat researcher at Sophos' U.S. office outside Boston, agreed.
When you're answering security questions on social-media sites such as Facebook, there's really no reason for you to provide your correct birth date, Jones said.
"So maybe you change the month, or you change the year," Jones said.
A tangled web
The drawback to all of this is that you'll have to use something you'll remember, Jones said — and that can be quite difficult.
"People say they have a hard time remembering different passwords," she said. "Are you going to remember all the twisted information you've given on every site?"
Cluley concurred, saying that whatever false information you use has to be something that other people can't guess, but that you have a way of remembering.
"That is basically the same rule as passwords," he said. "The reason I say you 'have a way of remembering,' is that you don't have to remember it in your head.
"So, for instance, there's password-management software out there that can also help you manage other information."
In fact, Cluley said, some people use password-management software to remember credit-card details, or their PINs, or the combinations to their safety-deposit boxes.
That means you could put an entry into the software saying, "OK, this is an entry for my mother's maiden name on a particular site."
"Why not do that?" Cluley said. "As long as you secure that software with a strong master password, then that's the only password that you should have to remember.
"I don't know what my Gmail password is. You can torture me all you want, [but] I have no way of telling you what those are. I do know what my master password is, and that's how I get all that other information."
Sometimes you have to fess up
There are instances when telling the absolute truth online is very important, such as when you're applying for a mortgage or other loan. Not telling the truth would be a breach of contract, Cluley and Jones both said.
"There are things like that where you need to tell the truth," Cluley said. "But when it's a website like Facebook, or an email [service], they have no way of checking. It's not their business anyway.
"Would you trust them to store that information securely?" he asked. "There are some websites that ask you for lots of information, but a lot of that is not compulsory.
"As a kid, I remember I had to clean my plate. Now as I'm older, I'm learning it's not a good thing to eat everything in front of me," he added. "Equally, people see empty spaces on a website and think they have to fill [them in]. They don't."