
Avoid a Palin: Strengthen Your Password Recovery Info

December 17th, 2008

Sarah Palin’s hacked Yahoo! Mail account is old news. But the sheer simplicity of the method used to gain access should still be of concern to every computer user.

Almost everyone knows a strong password is important. (Check out how to make an ultra-strong password in three steps.) However, even if you have a strong password, there are other ways to gain access to your accounts.

As Palin found out this past summer, the weakest link in account security isn’t the password itself; it’s the password reset mechanism. Many online accounts allow users to reset their password by answering a few security questions. If a hacker answers those questions correctly, they can reset your password and gain complete access to your account.

Herbert Thompson, a writer at Scientific American, wrote an article detailing how he broke into an acquaintance’s online banking account using information that was freely available online. His first-hand account of strong-arming his way into sensitive financial information (with his friend’s permission, of course) made me question the security of all my online accounts. If it only took him a couple of hours to figure it out, how long would it take a professional hacker?

This could happen to you. Find out how to protect yourself from this security loophole.

Setting truthful answers for security questions is convenient because the truth is easy to remember. But providing truthful answers often works against ensuring account security.

In this day and age, all sorts of personal information (such as birth dates, previous employers, and old addresses) can be found on social networking sites, user blogs, or through online public records. A hacker with a little motivation can easily find the information they need for simple password recovery questions.

It’s simple to strengthen your password recovery information. You should think of the answers for security questions as another password. Google suggests the following tips when choosing answers for password recovery purposes:

  • Choose a question only you know the answer to and that is not associated with your password.
  • Choose a question that cannot be answered through research. (For example, your mother’s maiden name, your birth date, your first or last name, your social security number, your phone number, your pet’s name, are questions that can be easily researched.)
  • Choose an answer that is memorable, but not easy to guess. Your answer should be a complete sentence.
  • If you write your own question, do not choose a question that has an obvious, short, or common answer.
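
The four tips above can be applied as a quick self-check on a candidate answer. This Python check is an added example, not code from the original post or from Google; the function name, the small common-answer list, the sample profile facts, and the four-word threshold for a "sentence" are all assumptions.

```python
import re

# Constructed sample of obvious answers; extend it for real use.
COMMON_ANSWERS = {"blue", "pizza", "fluffy", "smith", "password", "123456"}

def _norm(text):
    """Lowercase and reduce every run of non-alphanumerics to one space."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def audit_recovery_answer(answer, password, public_facts, min_words=4):
    """Return the list of tips a recovery answer violates (empty = passes).

    public_facts: strings an outsider could look up about you
    (pet's name, home town, maiden name, ...).
    """
    problems = []
    ans = _norm(answer)
    compact = ans.replace(" ", "")

    # Tip 1: the answer must not be associated with the password.
    pw = _norm(password).replace(" ", "")
    if pw and compact and (pw in compact or compact in pw):
        problems.append("related to password")

    # Tip 2: nothing that can be found through research.
    for fact in public_facts:
        needle = _norm(fact).replace(" ", "")
        if len(needle) >= 3 and needle in compact:
            problems.append(f"contains researchable fact: {fact}")

    # Tip 3: a complete sentence rather than a word or two.
    if len(ans.split()) < min_words:
        problems.append("too short to be a sentence")

    # Tip 4: no obvious, short, or common answer.
    if ans in COMMON_ANSWERS:
        problems.append("common answer")
    return problems

if __name__ == "__main__":
    facts = ["Fluffy", "Springfield"]  # constructed profile data
    for candidate in ("Fluffy", "The green kettle sang opera at my cousin's wedding"):
        print(repr(candidate), "->", audit_recovery_answer(candidate, "Tr0ub4dor&3", facts))
```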

Adding another line of protection by safeguarding the contents of your webmail inboxes is also a good idea. Even if someone were to get past the password recovery security questions, they still wouldn’t be able to read your email. The simplest way to do that is to install MailCloak, an innovative email encryption program that allows you to encrypt and decrypt webmail and regular email messages on the fly.

This is an easy fix for a big hole in online security and it’s a fix you can implement in under five minutes. So why wait? Do it now.


  1. April 6th, 2012 at 10:37 | #1

    You made a few fine points there. I did a search on the theme and found mainly folks will agree with your blog.
