The Vulnerable Password Recovery Schemes

Dare Obasanjo has an eye-opening post on his blog about how Sarah Palin’s email account was hacked. The hacker who broke into her account had, apparently, used common sense (and Google, of course) to crack it.

This is a serious security issue:

The fundamental flaw of pretty much every password recovery feature I’ve found online is that what they consider “secret” information actually isn’t thanks to social networking, blogs and even Wikipedia. Yahoo! Mail password recovery relies on asking you your date of birth, zip code and country of residence as a proof of identity. Considering that this is the kind of information that is on the average Facebook profile or MySpace page, it seems ludicrous that this is all that stops someone from stealing your identity online.

Even the sites that try to be secure by asking more personal questions such as “the name of your childhood pet” or “where you met your spouse” fail because people often write about their childhood pets and tell stories about how they met on wedding sites all over the Web.

Either keep your mouth shut on the Internet or use better secret questions/answers. 🙂
