“Forgot your password” links: Backdoor for Hackers

People in today's world tends to use stronger passwords to safeguard their online interest and to seal off vital information on the internet. Eight or more characters password, three of which are numbers, which consist of a small letter, capital letter, and one of which is a symbol like (%$^&) is pretty mundane nowadays. Brute forcing such a strong encrypted password is not a very likely option for a hacker. It's virtually impossible and if a hacker is successful to break in the code, it takes ages that he might forget the smell of 2008 fresh air. Instead of going the long winding road without so much promises on the success rate, the easiest way for a hacker to weasel into your account is likely the "Forgot your password?" link.


"Forgot your password?" features provide businesses and site owners a simple way to reset a forgotten password, provided he can verify his credentials by asking a few personal questions that should only be known to the rightful user. For years the typical question was, of course, the "Mother's maiden name" challenge. In recent years, additional challenges have emerged, such as asking the street you grew up on, your favorite pet, and grandparents' first names.


The question is whether are they all really secured? They were safe decades ago but not in this internet era, where abundant of information keep pouring in, your personal information drawn from your past is now widely available for public consumption. There's no statistical data to support this but there are isolated cases reported and even Paris Hilton is said to have fallen prey to the "what is your dog's name?" password reset hack. You may visit this great article on how it's done if you seek more proof.


The solution is clear; don't use data that can be easily guessed or easily discovered. You may twist the data a little (example: 1Hannah1 is the answer for "your mother's maiden name" question though the real one is Hannah or use completely different set of answers for those questions). Make sure to keep them written down and put in the safe place.


0 Comments: