Dez921714

"Forget your password" link...I never thought of this

"Forgot your password" links the easy way in for hackers

Wed Sep 3, 2008 11:31AM EDT

 

 

Never mind creating a password with at least eight characters, two of which are numbers, one of which is a capital letter, and one of which is a symbol like (*&^%$). The easiest way for a hacker to weasel into your account is likely the "Forgot your password?" link.

 

"Forgot your password?" features are older than the Internet, providing businesses and site owners a simple way to let a user reset a forgotten password, provided he can verify his credentials by asking a few personal questions that only the rightful user should know.

 

For years the archetypical question was, of course, the "Mother's maiden name" challenge. In recent years, additional challenges have emerged, such as asking the street you grew up on, your favorite pet, and grandparents' first names.

 

Is all of this stuff really secure? More than one researcher is sounding the alarm over these tools, noting that while this data may have been private a decade ago, in an era of personal blogs, online resumes, and rampant social networking services, "personal" information drawn from your past is now widely available for public consumption. According to a researcher at PARC, you can even buy black market directories of personal information "like dog's names," for about $15 per batch. It's certainly a lot easier than guessing passwords like AHFplug41*.

 

Think this doesn't happen? There aren't any statistics available, but these hacks are widely suspected in myriad cases where accounts have been compromised. (Even Paris Hilton is said to have fallen prey to the "what is your dog's name?" password reset hack. It doesn't help to have one of the most infamous dogs in America...) But if you need more proof, check out this "how I did it" step by step guide to hacking a password from one writer at Scientific American. In about an hour, it seems, our researcher managed to compromise one (willing) victim's life entirely through password reset links.

 

MSNBC has an exhaustive amount of additional information on the issue, but the takeaway is clear: If you provide information for password reset systems, don't use data (like other people's names and addresses) that can be easily discovered or guessed. Better yet, consider creating a second tier of passwords you use for questions like these, and keep them written down and locked in a safe if you must. In other words: Your mother's maiden name may really be Jones, but that doesn't mean you can't pretend it wasn't Mxlpxlxl!7631.


ugh, scary! now i'm running all my passwords through my head... there are soooo many!

 

thanks for posting & giving us a "heads up" :)


omg dez there are so many freaking passwords between home and work to remember. sometimes i'm glad i'm always broke cause if someone did guess my bank pins, etc, they wouldn't get jack.


That is something that I have thought of when doing those questions. There are several questions that I will not use because I think the answer could easily be found out by someone. Just remember that as unfortunate as being hacked is, sometimes it is someone that you know, so they may already know the answers without having to dig for them!!! Sometimes people are just snoopy and you will never even know that they were in there!


When I worked in banking, I would tell people to lie about their mother's maiden name all the time. I told them that I don't care what it is, as long as it matches what I have on my screen.


yeah, I think I might make up a one word "fake" answer and change all of my and FI's security questions...like our mom's maiden names might suddenly be "Mexico" or "Fuzzybottoms" or something else odd....


Wow, I never even considered this..... thank you so much for posting and bringing it to our attention. Now I have to work on ALL my password questions.....
