
"Forget your password" link...I never thought of this


9 replies to this topic

#1 Dez921714

Dez921714
  • Sr. Member
  • 1,489 posts

    Posted 05 September 2008 - 12:34 PM

    "Forgot your password" links the easy way in for hackers
    Wed Sep 3, 2008 11:31AM EDT


    Never mind creating a password with at least eight characters, two of which are numbers, one of which is a capital letter, and one of which is a symbol like (*&^%$). The easiest way for a hacker to weasel into your account is likely the "Forgot your password?" link.

    "Forgot your password?" features are older than the Internet, providing businesses and site owners a simple way to let a user reset a forgotten password, provided he can verify his credentials by asking a few personal questions that only the rightful user should know.

    For years the archetypical question was, of course, the "Mother's maiden name" challenge. In recent years, additional challenges have emerged, such as asking the street you grew up on, your favorite pet, and grandparents' first names.

    Is all of this stuff really secure? More than one researcher is sounding the alarm over these tools, noting that while this data may have been private a decade ago, in an era of personal blogs, online resumes, and rampant social networking services, "personal" information drawn from your past is now widely available for public consumption. According to a researcher at PARC, you can even buy black market directories of personal information "like dog's names," for about $15 per batch. It's certainly a lot easier than guessing passwords like AHFplug41*.

    Think this doesn't happen? There aren't any statistics available, but these hacks are widely suspected in myriad cases where accounts have been compromised. (Even Paris Hilton is said to have fallen prey to the "what is your dog's name?" password reset hack. It doesn't help to have one of the most infamous dogs in America...) But if you need more proof, check out this "how I did it" step by step guide to hacking a password from one writer at Scientific American. In about an hour, it seems, our researcher managed to compromise one (willing) victim's life entirely through password reset links.

    MSNBC has an exhaustive amount of additional information on the issue, but the takeaway is clear: If you provide information for password reset systems, don't use data (like other people's names and addresses) that can be easily discovered or guessed. Better yet, consider creating a second tier of passwords you use for questions like these, and keep them written down and locked in a safe if you must. In other words: Your mother's maiden name may really be Jones, but that you can't pretend it wasn't Mxlpxlxl!7631.

    #2 boscobel

    boscobel
    • VIP Member
    • 24,213 posts

      Posted 05 September 2008 - 12:37 PM

      holy crapola, that's insane!

      #3 aimee!

      aimee!
      • Member
      • 696 posts

        Posted 05 September 2008 - 01:15 PM

        ugh, scary! now i'm running all my passwords through my head... there are soooo many!

        thanks for posting & giving us a "heads up" :)

        #4 ACDCDCAC

        ACDCDCAC
        • Moderators
        • 25,218 posts
        • Wedding Location: Santa Maria Bay Beach, Cabo San Lucas, BCS, Mexico
        • Location: Seattle

        Posted 05 September 2008 - 01:30 PM

        omg dez there are so many freaking passwords between home and work to remember. sometimes i'm glad i'm always broke cause if someone did guess my bank pins, etc, they wouldn't get jack.

        #5 EricaG

        EricaG
        • Sr. Member
        • 1,915 posts

          Posted 05 September 2008 - 01:38 PM

          That is something that I have thought of when doing those questions. There are several questions that I will not use because I think the answer could easily be found out by someone. Just remember that as unfortunate as being hacked is, sometimes it is someone that you know, so they may already know the answers without having to dig for them!!! Sometimes people are just snoopy and you will never even know that they were in there!

          #6 beachbride08

          beachbride08
          • VIP Member
          • 2,372 posts

            Posted 05 September 2008 - 03:21 PM

            Interesting! I can barely remember my passwords, now I have to make up fake answers to remember? Ugh!
            Michelle

            #7 Kristy!

            Kristy!

            • VIP Member
            • 6,368 posts

              Posted 05 September 2008 - 03:25 PM

              When I worked in banking, I would tell people to lie about their mother's maiden name all the time. I told them that I don't care what it is, as long as it matches what I have on my screen.

              #8 Dez921714

              Dez921714
              • Sr. Member
              • 1,489 posts

                Posted 07 September 2008 - 10:23 AM

                yeah, I think I might make up a one word "fake" answer and change all of my and FI's security questions...like our mom's maiden names might suddenly be "Mexico" or "Fuzzybottoms" or something else odd....

                #9 DLyteful

                DLyteful
                • Member
                • 879 posts

                  Posted 07 September 2008 - 10:31 AM

                  Wow, I never even considered this..... thank you so much for posting and bringing it to our attention. Now I have to work on ALL my password questions.....

                  #10 Jenn

                  Jenn
                  • Sr. Member
                  • 1,557 posts

                    Posted 07 September 2008 - 11:21 AM

                    That's friggen scary! Totally crazy!



