Psssst! Your date of birth can be a random number!
By @edent
· CyberSecurity opsec · 14 comments · 300 words · read ~2,822 times.
For lots of online accounts, a date of birth is nothing more than a very weak second factor.
The majority of places aren't checking your identity, cross-referencing your birthdate, and personalising your experience based on your Zodiac sign. At most, they'll wish you a happy birthday and / or let you recover your account by providing your date of birth.
But, of course, lots of people know your birthday. Everyone you went to school with, family members, colleagues. It might even be on your Wikipedia bio.
A date of birth is not a suitable security measure. So I set mine to be a random number.
Let's get a few things straight. Don't lie to the cops, the state, or your spouse. If you give an incorrect date of birth to an insurance company, medical provider, or financial institution; you're gonna have a bad time.
But for most other services...?
If I'm signing in to a free WiFi service, my date of birth is 1st of January, 1901 (or whatever the earliest year they will accept).
If a service uses my DoB for account recovery, I generate a random number, save it in my password manager, and tell the site I was born on 17/07/1985, or whatever.
Look, I'm aware there are some theoretical downsides. If you ever lose your fake details, you won't be able to prove your identity using official ID. If you use fake details to get an age related discount, that's probably fraud - so don't do that!
For the vast majority of services which have no legitimate reason for knowing your age, it's OK to use a random number.
@Edent I went to school at h4sIOq&xeEE0, you know.
@Edent I'd recommend not giving a date with a year less than 18 years in the past. There are services in the past that have changed their policies and suddenly deleted accounts based on provided birthdays. (Similar advice goes for stated locations.)
Ian says:
If (big if) they are using the date of birth as a secondary ID validation AND also sending out happy birthday alerts, then unless they're very clever about how they do it, I'd wager good money that the date of birth is stored in open text in their database.
Which would break the general principle of always encrypting anything related to security information.
@blog I like 84 as Orwell reference.
@Edent one time I did this, I forgot I had and locked myself out of my Vodafone account. I had to ring 15 times till I guessed the correct date!
mike says:
I use an easy to remember consistent lie for things which do not need to know my age. And I can start every calender year by claiming a free fake birthday doughnut from a popular high street bakery chain. The downside of this is that if I want a doughnut on my actual birthday I have to pay for it myself or persuade someone else to. But overall I am content to trade free real birthday doughnut for a bit of privacy.
Owen says:
Yes, I've been doing this for years. So for no downside, apart from not getting that free doughnut on my real birthday.
Dr. Watdaughter says:
According to Steam database, at least half of the users were born on January 1st.
Psssst! Your date of birth can be a random number! | Hacker News
@Edent but sometimes they check it is a real date so my default of February 29th 1900 gets rejected
@Edent I do this with security questions. As long as you give the correct specified answer to the correct specified question, the answer itself does not have to be factually correct to the question.
Mother's maiden name: Fortescue-Smythe-Johnson
@Edent I always use my sister's DoB. Different from mine and easy to remember
@Edent
Just making up things like your DofB, mother's maiden name, birthplace, etc. prevents identity stealers from just looking up that info and using the real information to answer online (or offline) security questions.
@Edent I used to do this with forums that required a D.o.B. The result is that, throughout the year I used to get an automated "Happy birthday from..." email.
Sadly, they seem to have stopped now
More comments on Mastodon.