How to Prevent Password Resets

Several weeks ago we all read the headlines about a hacker accessing one of the vice presidential candidates' personal Yahoo! email account. It turned out the hacker didn't even need to use fancy coding maneuvers or computer wizardry. Instead, he used one of the oldest tricks in the privacy-invasion book: he changed the password to the account.


Many online services that require a login and registration include some means of retrieving your password in case you ever lose or forget it. First you have to offer up some identifying information. Once the service has concluded that you are who you say you are, it will either remind you of your password or provide you with a new one. Either way, it can be pretty easy for an impostor to get access to your account. 


In the case of the vice presidential candidate's account, the hacker was asked to answer a simple question whose answer was easily found through basic Internet research.


What can you do to keep some online ne'er-do-well from accessing your personal accounts through a password reset?

A couple of things:


1. Choose identifying questions that aren't easily answered through basic Internet research. If you keep a blog about Italian cooking, don't make your identifying question about your favorite kind of food.

2. Invent answers to your identifying questions and keep a separate list. Just because your mother's maiden name was Smith doesn't mean you can't tell Yahoo it was Jones. Just keep a list so that you have your answers straight. It can be as easy and as old-school as writing down all your questions and answers with a pen and paper and keeping the list in a safe.


Internet security experts have thought for some time that the password reset was among the most easily exploited security measures around, and that’s why many services are doing away with it. In the meantime, you might want to take a few minutes to change your identifying questions and answers so that they aren’t easily cracked.


CMIT Solutions

(800) 399-CMIT



