How to Prevent Password Resets



Several weeks ago we all read the headlines about a hacker accessing the personal Yahoo! email account of one of the vice presidential candidates. It turned out the hacker didn’t even need to use fancy coding maneuvers or computer wizardry. Instead, he used one of the oldest tricks in the privacy-invasion book: he changed the password to the account.

Many online services that require a login and registration include some means of retrieving your password in case you ever lose or forget it. First you have to offer up some identifying information. Once the service has concluded that you are who you say you are, it will either remind you of your password or provide you with a new one. Either way, it can be pretty easy for an impostor to get access to your account.

In the case of the vice presidential candidate's account, the hacker was asked to answer a simple question whose answer was easily found through basic Internet research. What can you do to keep some online ne’er-do-well from accessing your personal accounts through a password reset?

A couple of things:

  1. Choose identifying questions that aren't easily answered through basic Internet research. If you keep a blog about Italian cooking, don't make your identifying question about your favorite kind of food.
  2. Invent answers to your identifying questions and keep a separate list. Just because your mother’s maiden name was Smith doesn’t mean you can’t tell Yahoo it was Jones. Just keep a list so that you have your answers straight. It can be as easy and as old-school as writing down all your questions and answers with a pen and paper and keeping the list in a safe.

Internet security experts have thought for some time that the password reset was among the most easily exploited security measures around, and that’s why many services are doing away with it. In the meantime, you might want to take a few minutes to change your identifying questions and answers so that they aren’t easily cracked.

 

CMIT Solutions

(800) 399-CMIT

quicktips@cmitsolutions.com

www.cmitsolutions.com

