Dare Obasanjo has a eye opening post in his blog about how Sarah Palin’s email account is hacked. The hacker who hacked her account had, apparently, used common sense (and Google of course) to crack it.
This is a serious security issue:
The fundamental flaw of pretty much every password recovery feature I’ve found online is that what they consider “secret” information actually isn’t thanks to social networking, blogs and even Wikipedia. Yahoo! Mail password recovery relies on asking you your date of birth, zip code and country of residence as a proof of identity. Considering that this is the kind of information that is on the average Facebook profile or MySpace page, it seems ludicrous that this is all that stops someone from stealing your identity online.
Even the sites that try to be secure by asking more personal questions such as “the name of your childhood pet” or “where you met your spouse” fail because people often write about their childhood pets and tell stories about how they met on weddings sites all over the Web.
Either keep your mouth shut on the Internet or use better secret questions/answers. 🙂