Security Lesson – Listen Up

Banks and other places enable you to recover or reset your password after you answer some “personal questions.” People, be careful of the questions and answers you provide. Here’s how a hacker got into Sarah Palin’s Yahoo! email account:

after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)

the second was somewhat harder, the question was “where did you meet your spouse?” did some research, and apparently she had eloped with mister palin after college, if you’ll look on some of the screenshits that I took and other fellow anon have so graciously put on photobucket you will see the google search for “palin eloped” or some such in one of the tabs.

I found out later through more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower…

Mother’s maiden name? Miscreants can find it. You can, however, lie. My mother’s maiden name is Rindahl. Unless I’m filling out an official paper form, I never give that answer when asked. I might, for instance, give Hayward. That was my grandmother’s maiden name. Tougher for the miscreant crook or cracker. I might answer Groom or McGinnis, which are my sisters’ married surnames. I might give the combination of all their middle names. Even more roadblocks for the hacker.

The key is to use something easy for you to remember that isn’t the truth. When this is applied to two or three questions, it gets even harder for the cracker to circumvent the security and access your account. Answering with truthful, easy-to-find information is like leaving the key to your house underneath the doormat. It’s no safety at all.