Several weeks ago we all read the headlines about a hacker accessing one of the vice presidential candidate's personal Yahoo! email account. It turned out the hacker didn’t even need to use fancy coding maneuvers or computer wizardry. Instead, he used one of the oldest tricks in the privacy-invasion book: he changed the password to their account.
Many online services that require a login and registration include some means of retrieving your password in case you ever lose or forget it. First you have to offer up some identifying information. Once the service has concluded that you are who you say you are, it will either remind you of your password or provide you with a new one. Either way, it can be pretty easy for an impostor to get access to your account.
In the case of the vice presidential candidate's account, the hacker was asked to answer a simple question that was easily found through basic Internet research. What can you do to avoid some online ne’er-do-well from accessing your personal accounts through a password reset?
A couple of things:
Internet security experts have thought for some time that the password reset was among the most easily exploited security measures around, and that’s why many services are doing away with it. In the meantime, you might want to take a few minutes to change your identifying questions and answers so that they aren’t easily cracked.