You wouldn’t post your credit card number on your blog.
You wouldn’t post your bank account number on your Facebook page.
You wouldn’t respond to a stranger’s e-mail request with your current address.
But, have you considered how you protect that information?
In a recent Scientific American article, How I Stole Someone’s Identity, Herbert H. Thompson describes how a casual acquaintance gave him permission to try to break into her bank account using only few facts that he knew about her, plus the information that was freely available on her blog and an online resume.
Using “forgotten password” questions, he broke in easily.
You know, those questions that you need to answer when you forget your password—your mother’s maiden name, the street you grew up on, name of your first pet.
According to several news reports, last week a hacker broke into the personal e-mail account of Republican vice presidential candidate Sarah Palin using the same technique. According to the Wired Threat Level blog, Palin’s password question was “Where did you meet your husband?” The hacker did some research and some guessing and came up with the answer – “Wasilla High.”
What I learned from these two articles is that we should be very careful when we choose those password recovery questions.
The questions are usually pretty random, but sometimes we provide the answers to the world at large on our blogs and social networking sites.
After I read this article, I checked my accounts and changed my questions.