How easy would it be for someone to guess your password or answer your “secret” question? Find out how we often give away password clues without even knowing it.
The Scoop on the David Briggs Email Hack:
David Briggs admits that his password was not as strong as it should have been. He’s not alone. Briggs lost access to his Hotmail email account after hackers were able to guess either his password or the answer to his qualifying question.
Hackers locked Briggs out of his own email account and stole his identity, spamming all of his contacts. The hackers sent an email out that appeared to be from Briggs reporting that he was trapped in Malaysia and needed money transferred via Western Union.
Sarah Palin Too:
During last year’s heated Presidential campaign, the private Yahoo! Mail account of Sarah Palin, Republican vice presidential candidate, was hacked. The hacker, intent on derailing Palin’s campaign, used Wikipedia to learn Palin’s birthday, a standard security question used by Yahoo.
Twitter got Tweeted by a Hacker:
More recently a Twitter employee was the victim of a similar email hacking scam. The hacker guessed the answer to the employee’s email question and reset the password.
Twitter co-founder Biz Stone wrote, “About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked. From the personal account, we believe the hacker was able to gain information which allowed access to this employee’s Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company.”
How safe is your password?
Whether we’ve taken it or not, we’ve all gotten lots of helpful advice about creating passwords that don’t reflect your birthday, your graduation year or your pets. We’ve gotten advice about making passwords longer and mixing capital and lowercase letters and numbers.
But then there are those “Forgot your password?” security questions. According to a study by Microsoft Research and Carnegie Mellon University, the most popular web mail providers, AOL, Google, Microsoft and Yahoo, all use “secret questions” that appear to be even weaker than the passwords themselves. Since the study, Yahoo says they’ve updated their personal questions.
Look at any list of your friends and family, whether from your address book, your Facebook account or your email buddies. Put your finger on any name and ask yourself:
“Where did he go on his honeymoon?” (Costa Rica)
“What’s the name of her dog?” (Benson)
“What’s the name of her favorite aunt?” (Patti)
“What’s his favorite food?” (pizza)
Even a hacking stranger could find out lots of this information with a little research on social networking sites like Facebook or MySpace. How many people have their honeymoon photo album posted? How often are these photos labeled, or taken in front of identifiable landmarks?
A visit to family tree websites like Ancestry.com or Genealogy.com can give a con artist a list of your aunts with which to start the “who’s your favorite” guessing game.
Even your age and your trash leave clues. If you are nineteen and/or you have six pizza boxes poking out of your recycling bin, pizza is a reasonable guess in answer to your favorite food.
Google’s Gmail security questions include your frequent flyer number, which may very well be on your desk, or your library card number, which is often dangling from your key chain.
Since it isn’t safe to record your email passwords, it really is imperative that you have an option for retrieving your password should you forget it. But don’t let this convenience option put you at risk, as it did David Briggs, Sarah Palin and the Twitter employee.
If it is an option, choose “create your own question” or give an un-guessable or un-researchable answer such as “my favorite food is artichokes.” Oops, now I have to go change the answer to my security question.