Several weeks ago we all read the headlines about a hacker accessing the personal Yahoo! email account of one of the vice presidential candidates. It turned out the hacker didn’t even need to use fancy coding maneuvers or computer wizardry. Instead, he used one of the oldest tricks in the privacy-invasion book: he changed the password to the account.
Many online services that require a login and registration include some means of retrieving your password in case you ever lose or forget it. First you have to offer up some identifying information. Once the service has concluded that you are who you say you are, it will either remind you of your password or provide you with a new one. Either way, it can be pretty easy for an impostor to get access to your account.
In the case of the vice presidential candidate’s account, the hacker was asked to answer a simple question whose answer was easily found through basic Internet research. What can you do to keep some online ne’er-do-well from accessing your personal accounts through a password reset?
A couple of things:
- Choose identifying questions that aren’t easily answered through basic Internet research. If you keep a blog about Italian cooking, don’t make your identifying question about your favorite kind of food.
- Invent answers to your identifying questions and keep a separate list. Just because your mother’s maiden name was Smith doesn’t mean you can’t tell Yahoo it was Jones. Just keep a list so that you have your answers straight. It can be as easy and as old-school as writing down all your questions and answers with a pen and paper and keeping the list in a safe.
Internet security experts have thought for some time that the password reset was among the most easily exploited security measures around, and that’s why many services are doing away with it. In the meantime, you might want to take a few minutes to change your identifying questions and answers so that they aren’t easily cracked.