
Tech Talk With Greg Bailey


Most parents today do what they can to protect their children from dangerous or inappropriate sources on the Internet. But are they doing what it takes to protect themselves? Not from chatting with strangers, but from malicious users who want to steal information.

The gut-wrenching feeling of trying to access an account and getting constant “Incorrect password” messages, although you are certain that you are typing it correctly, can be painful. It becomes downright severe when the importance of the account moves from something trivial like a message board account to something more serious like a Facebook or email account, or even an online banking account.

There are several misconceptions surrounding online identity theft, account security, and similar issues. First of all, if someone has gotten access to one of your accounts, it is unlikely that the account was actually “hacked”.

What happens much more often is that information associated with the account was somehow found out by the interloper. This is much easier than it seems.

For example, consider the minor fiasco of Sarah Palin’s email account being “hacked.”

To the uninitiated, the scenario can conjure images of some kind of “super hacker,” using a souped-up machine and typing at an obscene rate while text as indecipherable as the Matrix flies by on the screen.

The truth is much more mundane, at least according to the culprit. If he is to be believed, all that he had to do to gain access to Palin’s account was reset her account’s password. This can be done very easily, as long as you can answer the security question associated with the account. In Palin’s case, the answer to her security question, “Where did you meet your husband?” was found simply by using Google search.

The security question is something that most popular email services (Gmail, Yahoo, AOL, etc.) have you fill out when you make your account.

If you cannot remember your password for whatever reason, you can click the “I forgot my password” link on the sign-in screen. From there, you type in the account name, and then if you answer the question correctly, you can change the password to whatever you want.

I tried to do this on an old AOL account I’d made a few years back and haven’t touched since. The security question associated with the account? “Where did you grow up?” I answered with the name of my hometown, and my full name.

And that was it: I was now allowed to change my password to whatever I wanted, without logging in to the account or needing the original password.

I need to stress just how easy this was. The hardest part of changing my e-mail account password through “I forgot my password” was verifying that I was a human by entering letters from an image. The process took two minutes, and anyone who knows me or is willing to do a quick search on my name would have been able to get access to the account. Once I realized this, I started checking my other e-mail accounts. Some of them were secure, but one in particular had the question “What is the name of my school?”, the same question that allowed Palin’s e-mail to be compromised. I changed it quickly.

This should raise the obvious question: How secure is my email account? If you aren’t sure, I would highly recommend checking to see what your security question is. If you don’t know how to find it, you can use the “I forgot my password” option, and answer the prompts until you are asked for the answer to your question. Once you see it, if it is a question that anyone could find the answer to if they looked for it, you should change it immediately. If you can’t figure out how to change it, check the help information on the website, or simply Google “How do I change the security question on my ____ account?” to find out how.

Don’t make it easy for others to hijack your email account.

This article is the first in a series devoted to Internet security, and learning how to keep you and your information safe.

Any questions, requests for clarifications, or comments can be sent to greg@bpcmediaworks.com
