This should be common sense at this point, but the fact that they continue to trend on social media suggests plenty of people need the reminder: Stop participating in those weird memes that ask you to provide seemingly innocuous personal information (your full name + the street your grew up on + your first car, etc.) in order to generate your Baby Yoda name, or your stripper name, or your witness protection name. Not only does no one actually care, but these “fun” little internet time-wasters pose a big security risk.
As for why, it should be obvious. A number of these quizzes or silly internet chain messages ask the same sorts of account-recovery questions you’d encounter when attempting to log in to a secure online account. I can’t count the number of times I’ve seen an app or service ask for the “street you grew up on,” “the city you were born in,” “childhood elementary school,” or other similar questions as part of its account-recovery mechanism.
Yes, this would require an attacker to know something about your accounts already — such a the email you use for a particular service — and also track you down on social media to see if you’ve answered questions like these. Still, automating a tool for doing that doesn’t seem out of the question. If you’re posting this kind of information publicly, you’re only putting yourself at risk.
As 1Password wrote back in 2018:
Playing games, taking quizzes, and even commenting on “What’s your X name?” posts can provide criminals with the answers to your security questions. Maybe you combined your mother’s maiden name with the colour of your first car to find out that if you were a street racer, you’d go by the name of Fitzpatrick Gold. This could grant them access to your accounts where they can steal your information, and some of these games take things even further.
Some quizzes send you to a site where you add the information directly, or a game asks to connect to your social media account to access your data. They take this information and spit out a funny name, a mythological creature, or the breakfast cereal that best resembles your personality. Then you can share the results on your page to encourage others to do the same.
Unfortunately, it’s no coincidence that a lot of the information they request is the same information used to answer the security questions websites ask when you set up an account. These questions can act as a fall-back if you forget your password or get locked out. But if someone else answers these questions correctly, they can change your password and take control of your account.
If you’ve been answering these kinds of quizzes for some time, all hope is not lost. First, take some time to figure out where you typically post these things and, if possible, delete them. This is less of a concern if you restrict your posts to friends-only status on a particular social network, but more problematic if you just let your name combinations loose in the public sphere. (In other words, you should really just go ahead and delete all those old tweets you never look at.)
You can also go through your major accounts and make sure that you’ve set up some kind of two-factor authentication, which should hopefully give you an added layer of security if someone attempts to reset your password. Additionally, I would assume that most major services would send a password-reset link — or a new password — directly to the email address you associated with the service. So, at minimum, make sure you’ve locked down your email accounts with 2FA and very strong, unique passwords. If you’ve allowed apps or services access to your email account but you no longer use them, revoke those permissions.
Finally, know that you never have to be honest. I don’t know why people assume that they have to answer security questions honestly. You don’t. The street you grew up on could be “Cinnabon.” Your mother’s maiden name can be something straight out of the playbook of Elon Musk. You could use a super-complicated password as the answer to a security question, and then store that answer in your favourite password manager (or pen-and-paper notebook, or whatever). Believe me, nobody is going to guess that your first pet was named “3D4$j87#jdFd!9.12([email protected]$US84 ($111).”
Those online quizzes, memes, and other viral content generators might look innocent and fun, but any personal data you post in a public environment could come back to haunt you someday. Even if you think you’re just participating in a friendly joke, there might be a bit more to your answers than you realise — even for something as seemingly stupid as your “stripper name.” And now that you are on alert, also avoid random online polls, surveys from an unknown source, and anything else that wants you to offer up your info in exchange for a meaningless bit of amusement.