The Second Version

17/09/08

Protecting Your Password

The story of how Sarah Palin's Yahoo mail account was hacked and her private correspondence revealed is all over the web; I have nothing political to add except for the fact that the hacker who materially broke into the account may be a hyperactive teenager, but the individuals in more "respected" media who republished the private material are slimy bottom-feeders who deliberately wallow in filth.

However, what most people will probably want to know is how to mount a defense against this kind of attack.

In this case, the hacker used Yahoo's password retrieval facility and obtained the required information through Internet searches, guesswork and a little trial and error.

A simplistic solution would be to provide false personal data (birth date, name, address) at the registration stage, but this is a breach of the terms of service and possibly an actual felony. So I cannot recommend that.

Usually the password retrieval process asks one or more "security" questions, such as your mother's maiden name. If the provider allows a personalized security question, do not use a trivial one, but be creative: put in there a drunken exchange with your best friend, or a line from a weird conversation you once had with a random nutcase that stuck in your mind. Avoid quotes from movies, songs or books, because those are public and easily searched.

If the website only allows a choice of stock questions, do not enter the real answer. Use instead code words, anagrams (a weak method), any easy-to-remember word or (best of all) random words. Write them down if you're afraid you might forget.

Of course, the less information about you is publicly available, the harder it will be for a social-engineering attacker to succeed.

A strong password - containing upper and lower case letters and numbers in a non-obvious sequence - is a necessary prerequisite for security. However, no password will help if a user leaves their computer unlocked at lunch time, or does not log out of their e-mail account before other users access the machine. Awareness is, always, the key.
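Here is a small added example (my own code, not something from the original post or from Yahoo) that turns the two pieces of advice above into working tools: it builds a random-word answer for a stock security question using the operating system's cryptographic random source, reports how much entropy such an answer carries, and checks a password against the mixed-case-plus-digits rule. The word list is a constructed toy list, and the 12-character minimum length is my assumption, since the post does not name a number.

```python
import math
import secrets
import string

# Constructed sample word list for illustration only. A real deployment would
# load a list of thousands of words so that each pick carries more entropy.
WORDLIST = [
    "anvil", "basil", "cobalt", "dune", "ember", "fjord", "garnet", "hazel",
    "iris", "juniper", "kelp", "lantern", "marble", "nectar", "orbit", "pebble",
]


def random_answer(n_words: int = 4, words=WORDLIST) -> str:
    """Build an answer for a stock 'security' question out of random words.

    secrets.choice draws from the OS CSPRNG (unlike random.choice, which is
    seeded predictably), so the answer has no link to public facts about the
    account owner and cannot be reconstructed by searching for them.
    """
    if n_words < 1:
        raise ValueError("need at least one word")
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of an answer made of n_words independent picks from the list.

    Compare this with the handful of bits a real 'mother's maiden name'
    carries once the attacker has read a genealogy site.
    """
    return n_words * math.log2(wordlist_size)


def password_meets_policy(password: str, min_length: int = 12) -> bool:
    """Check the rule from the post: upper case, lower case and digits.

    The minimum length is an assumption added here; the post gives none.
    """
    return (
        len(password) >= min_length
        and any(c in string.ascii_uppercase for c in password)
        and any(c in string.ascii_lowercase for c in password)
        and any(c in string.digits for c in password)
    )


if __name__ == "__main__":
    answer = random_answer(4)
    print("Security answer to write down:", answer)
    print("Entropy with this toy list: %.1f bits" % entropy_bits(4, len(WORDLIST)))
    print("Entropy with a 2048-word list: %.1f bits" % entropy_bits(4, 2048))
    for pw in ("password", "CorrectHorse42"):
        print(pw, "->", "ok" if password_meets_policy(pw) else "too weak")
```

The point of `entropy_bits` is to make the trade-off visible: four words from a 2048-word list give 44 bits, which no amount of reading the account owner's biography will recover, whereas the honest answer to a stock question is often a single fact with one or two plausible values.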
