Disinfo: 'Forget Your Password?' May Be The Weakest Link

MSNBC points out that the ubiquity of sites like Facebook and MySpace has rendered password resets based on personal questions dangerously insecure:

As an experiment, Herbert Thompson, chief security strategist of People Security, recently asked a few friends for permission to hack into their bank accounts. Using only information gathered from Web sites, Thompson found his way in within minutes. How?

After clicking on the familiar "Forgot your password?" link, one can access online accounts by entering your pet's name, identifying a high school mascot, or answering some other seemingly obscure questions. But there's a problem: A criminal can do that, too. With the help of social networking sites like Facebook and MySpace, personal trivia is getting less obscure all the time. You'd be surprised how easily someone can uncover Fido's name or your alma mater with a little creative searching.

