Web email password reset danger

Recent news about vice-presidential candidate Sarah Palin having her Yahoo email account hacked illustrates a weak point in the security of many Web-based services. Many services allow you to request a new password if you have forgotten your existing one. Usually, the only information needed to obtain a new password is the login name and the answer to a security question. In the case of email, the login name is part of the email address, so anyone can figure that out. In the case of the security question, the requested answer is often easily guessed or, as in Palin’s case, is available from online information. For example, your mother’s maiden name or your favorite color are not good choices. In the first case, this information is easier to find than you may realize. In the second case, the number of possible answers is quite small, and a hacker can easily try out all the likely possibilities. Pick a security question whose answer is not easy for a hacker to guess. Either that or pick a nonsense word for your mother’s maiden name, such as “qvthdex”. (If you really want security, make it longer.) But then you have to remember it.
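To put numbers on the argument above, here is an added example (not part of the original post) that compares the guess space of a "favorite color" answer, a maiden name drawn from an assumed pool of common surnames, and a random nonsense word like the post's "qvthdex". The color list and the surname pool size are constructed assumptions, not data from the post.

```python
import math
import secrets
import string

# Constructed answer set standing in for "What is your favorite color?":
# most people name one of a dozen or so colors.
FAVORITE_COLORS = [
    "red", "blue", "green", "yellow", "orange", "purple",
    "pink", "black", "white", "brown", "gray", "teal",
]
# Assumption (not from the post): a mother's maiden name is usually one of a
# few thousand common surnames, many of them discoverable online, so the
# effective guess space is far smaller than "any string".
COMMON_SURNAMES_ASSUMED = 5000


def guess_space_bits(n_answers: int) -> float:
    """Entropy in bits of an answer chosen uniformly from n_answers possibilities."""
    return math.log2(n_answers)


def answer_space(length: int, alphabet: str = string.ascii_lowercase) -> int:
    """Number of distinct nonsense words of the given length over the alphabet."""
    return len(alphabet) ** length


def random_answer(length: int, alphabet: str = string.ascii_lowercase) -> str:
    """A nonsense answer like the post's 'qvthdex', drawn with a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare_questions(nonsense_length: int = 7) -> dict:
    """Bits of entropy per strategy; an attacker's worst-case guess count is 2**bits."""
    return {
        "favorite color": guess_space_bits(len(FAVORITE_COLORS)),
        "maiden name (assumed pool)": guess_space_bits(COMMON_SURNAMES_ASSUMED),
        f"random {nonsense_length}-letter word":
            guess_space_bits(answer_space(nonsense_length)),
        f"random {2 * nonsense_length}-letter word":
            guess_space_bits(answer_space(2 * nonsense_length)),
    }


if __name__ == "__main__":
    for question, bits in compare_questions().items():
        print(f"{question:32s} {bits:6.1f} bits  (~{2 ** bits:.3g} guesses)")
    print("example nonsense answer:", random_answer(7))
```

Twelve colors are under 4 bits, so trying every likely answer is trivial; a 7-letter random word is about 33 bits, and doubling its length doubles the bits, which is exactly the "make it longer" advice.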
