Student Faces At Least 10 Years Jail Time For Guessing a Password
Title sounds ridiculous doesn’t it? But it’s true!
I’m sure by now, everyone has heard how Sarah Palin had her Yahoo E-Mail account illegally accessed during the 2008 US presidential election campaign. The account was accessed by providing the correct answers to security questions presented by the password retrieval system on Yahoo E-Mail.
I won’t focus too much on the details of what happened, instead I want to focus on how this applies to everyone else.
The key take away is, this can happen to anyone. In this case, the so called ‘hacker’ wasn’t even the typical hacker you usually hear about. According to the article, he lacked in-depth knowledge about computers. All he had to do was search the Internet for the information.
You’re probably reading this thinking this could never happen to you. If you use either Twitter, Facebook, LinkedIn, discussion forums, or any other form of social networking, then think again.
Why? Because social networking sites contain a wealth of personal information about you and that information could potentially be used against you, the same way it it was used against Sarah Palin.
For example, in the article, one of Sarah Palin’s security questions asked her her birthday. David Kernell found the information on Wikipedia. While we aren’t all as famous as Sarah Palin to have a Wikipedia page, the same type information could be easily gleaned from Twitter or Facebook. Some people even announce on Twitter that it’s their birthday! Thanks!
Obviously, the one piece of information (the birthday) is likely useless on its own, but armed with other pieces of information, anything is possible. In this situation, public information was used to view a private e-mail account by answering security questions meant for retrieving a lost password.
So what are the lessons learned to avoid this bad situation?
- Always use a FAKE answer to the security questions that are part of any password retrieval system on the Internet.
- Never provide a security question with an answer that could be taken from social networking websites.
I’m not trying to say people should stop participating in online social networking. I’m just saying people just need to be careful about what information they post online. They need to think about how that information could be used against them, now or in the future.