"Forgot your password" links the easy way in for hackers

Wed Sep 3, 2008 11:31AM EDT


Never mind creating a password with at least eight characters, two of which are numbers, one of which is a capital letter, and one of which is a symbol like (*&^%$). The easiest way for a hacker to weasel into your account is likely the "Forgot your password?" link.

"Forgot your password?" features are older than the Internet, providing businesses and site owners a simple way to let a user reset a forgotten password, provided he can verify his credentials by answering a few personal questions whose answers only the rightful user should know.

For years the archetypical question was, of course, the "Mother's maiden name" challenge. In recent years, additional challenges have emerged, such as asking for the street you grew up on, your favorite pet, and grandparents' first names.

Is all of this stuff really secure? More than one researcher is sounding the alarm over these tools, noting that while this data may have been private a decade ago, in an era of personal blogs, online resumes, and rampant social networking services, "personal" information drawn from your past is now widely available for public consumption. According to a researcher at PARC, you can even buy black market directories of personal information "like dog's names," for about $15 per batch. It's certainly a lot easier than guessing passwords like AHFplug41*.

Think this doesn't happen? There aren't any statistics available, but these hacks are widely suspected in myriad cases where accounts have been compromised. (Even Paris Hilton is said to have fallen prey to the "what is your dog's name?" password reset hack. It doesn't help to have one of the most infamous dogs in America...) But if you need more proof, check out this "how I did it" step-by-step guide to hacking a password from one writer at Scientific American. In about an hour, it seems, our researcher managed to compromise one (willing) victim's life entirely through password reset links.

MSNBC has an exhaustive amount of additional information on the issue, but the takeaway is clear: If you provide information for password reset systems, don't use data (like other people's names and addresses) that can be easily discovered or guessed. Better yet, consider creating a second tier of passwords you use for questions like these, and keep them written down and locked in a safe if you must. In other words: Your mother's maiden name may really be Jones, but that doesn't mean you can't pretend it was Mxlpxlxl!7631.


