Keeping clients' computers safe and profitable for over 30 years
Security News and Tips

Some of the latest scams to get you to download spyware into your computers

Here are some of the latest scams trying to trick you into installing malware onto your computer
What we can learn from Sarah Palin's Email account hack

One of the security holes that have often amazed me is the use of "security questions" by banks, email providers and others. I call them "insecurity questions". I've never understood how they can be such fools. The purpose of these questions is to bypass the password for your account. Think about this for a moment. These questions are often used if you "forget" your password, or someone calls or emails claiming to be you, and doesn't know your password. These questions are essentially alternate passwords. Yet they are frequently questions like "Where were you born?" or "What is your mother's maiden name?". If you answer correctly, then those answers can often be found on the Internet or guessed.

In Sarah Palin's case, the question was "Where did you meet your spouse?" The answer she put in was "Wasilla High", which the hacker guessed on the third try. It has been widely reported that she met him in high school in Wasilla. Once he'd made that guess, he was allowed to reset her email password and have access to the account.

Whenever you are asked these security bypass questions, always lie! I normally simply repeat my randomly generated password and make sure I have multiple backups of my encrypted password database. I copy and paste my answer into the program. Sometimes, I make up random answers, like Question: "Year your father was born?" Answer: "chocolate covered ants". I don't repeat the answers.

Avoid Re-using the same password

You need to avoid re-using the same password in multiple places. If some low security site gets hacked and criminals get your password, they will try to use it at your bank or Amazon account and other more important places. You need to have a password database program and use it. I've written an article on their use here.
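As an added example (not part of the original article), this Python sketch checks a password database export for the two habits warned about above: the same password on several sites, and the same security-question answer used more than once. The sample entries, site names and field layout are constructed, and the case/spacing normalization is an assumption about how sites compare answers.

```python
import secrets
from collections import defaultdict

# Constructed sample entries, standing in for an export from a password database.
VAULT = [
    {"site": "bank.example", "password": "tR9#vLq2mZ8w",
     "answers": {"Where were you born?": "kX4pQ7nB2sYd"}},
    {"site": "mail.example", "password": "hunter2",
     "answers": {"Where did you meet your spouse?": "Chocolate Covered Ants"}},
    {"site": "forum.example", "password": "hunter2",
     "answers": {"Year your father was born?": "chocolate covered ants "}},
]

def normalize(answer):
    # Assumption: sites compare answers ignoring case and extra spaces.
    return " ".join(answer.lower().split())

def find_reuse(vault):
    """Return ({password: [sites]}, {answer: [(site, question)]}) for reused values."""
    by_password = defaultdict(list)
    by_answer = defaultdict(list)
    for entry in vault:
        by_password[entry["password"]].append(entry["site"])
        for question, answer in entry["answers"].items():
            by_answer[normalize(answer)].append((entry["site"], question))
    reused_pw = {p: s for p, s in by_password.items() if len(s) > 1}
    reused_ans = {a: u for a, u in by_answer.items() if len(u) > 1}
    return reused_pw, reused_ans

def new_answer(existing, length=16):
    """Generate a random answer that is not already used anywhere in the vault."""
    alphabet = "abcdefghijkmnpqrstuvwxyz23456789"  # no look-alike characters
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if candidate not in existing:
            return candidate

if __name__ == "__main__":
    reused_pw, reused_ans = find_reuse(VAULT)
    for sites in reused_pw.values():
        print("password reused on:", ", ".join(sites))
    for uses in reused_ans.values():
        print("answer reused on:", ", ".join(site for site, _ in uses))
    used = {normalize(a) for e in VAULT for a in e["answers"].values()}
    print("replacement answer:", new_answer(used))
```

The report names only the affected sites, so the passwords and answers themselves never appear on screen.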
Date: October 2008
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.