I’m pretty paranoid about internet security, so I actually read the newsletters that my anti-virus software company sends out. This article is lifted directly from that newsletter, and I’m not even going to apologize for it. I think their security program is da bomb, but know I’m not endorsing any products nor getting paid to mention them. Just so you know.
Option 2 was a huge V-8 moment for me. Just so you know.
A hacker used one of the oldest tricks in the book to breach Sarah Palin’s personal Yahoo! account—taking advantage of the password reset feature. If it could happen to a vice presidential candidate, could it happen to you? Absolutely.
The password reset allows you to change your password if you’ve lost or forgotten it by first answering a question that only you are supposed to know the answer to. But if you pick an identifying question that other people might be able to answer, your password is vulnerable to a reset. The person who requested the reset then has full access to your account—and that’s what happened to Sarah Palin. According to news reports, a hacker correctly selected “Where did you meet your future spouse?” from Yahoo’s list of identifying questions, and then tested a few permutations of “Wasilla High School” before arriving at “Wasilla high.”
You basically have two options to protect yourself from intruders resetting your password. Option one is to select a question with an answer that hackers won’t be able to figure out by researching you online, and making sure you don’t have too much information about yourself on publicly available sources. It doesn’t take too much effort these days for people to locate common identifying data like ZIP code, high school, or your mother’s maiden name.
Your second option is to simply give the wrong answer to the identifying question you select. Just because the question is, “What was your high school mascot?” doesn’t mean the answer can’t be “X40g79.”
Thanks for the tip!