I was just browsing through some security-related blogs, and came across this posting on Security Tips & Talk. They’re talking about the ease with which Governor Palin’s e-mail address was hacked, and how it affects you and me.
Here’s the problem… Sites are using “information that’s only known to you” questions for their password resets, and in some cases, once you answer the questions, they allow you to change the password right then and there. Sounds like a good thing, right? And an easy thing to remember too, so what’s the problem?
The problem is, you may have blogged or put something up on a website or forum about how your first pet was “Georgie” and you miss him dearly. Or pictures of “Georgie” are floating around the Internet (complete with his name). So, when a person is trying to break into your account, they get your secret questions, and then Google you for the answers (“Google” used as the “common” term only; any search engine works wonders). If you’ve posted anything with that answer, they can find it.
So, what can we do about this? Well, we can’t just tell our banks or other places not to use those questions. We can try, but it will take an effort by a lot more than just you and me to get them to look at it. What we CAN do is this: go to every site that we use frequently and change those answers. Make up a fake name for your first pet, or if there was a nickname that you and your friends had for your school, use that (ONLY if you’ve never posted it online). Same thing with your first car: use the nickname that you had for it, instead of what type it is.
Another tool that is extremely useful is a Password Manager. These programs are a one-stop spot for all of your password needs. All you have to do is remember one password to unlock the vault, and you can get into any site that you’ve stored in the manager. Some of them will allow you to generate passwords as well.
I’ll look into a few of them and tell you about them tomorrow.
Have a great day:)