What was the name of your first pet?

You wouldn’t post your credit card number on your blog.

You wouldn’t post your bank account number on your Facebook page.

You wouldn’t respond to a stranger’s e-mail request with your current address.


But, have you considered how you protect that information?


In a recent Scientific American article, “How I Stole Someone’s Identity,” Herbert H. Thompson describes how a casual acquaintance gave him permission to try to break into her bank account using only a few facts that he knew about her, plus the information that was freely available on her blog and an online resume.


Using “forgotten password” questions, he broke in easily.


You know, those questions that you need to answer when you forget your password—your mother’s maiden name, the street you grew up on, the name of your first pet.


According to several news reports, last week a hacker broke into the personal e-mail account of Republican vice presidential candidate Sarah Palin using the same technique. According to the Wired Threat Level blog, Palin’s password question was “Where did you meet your husband?” The hacker did some research and some guessing and came up with the answer – “Wasilla High.”


What I learned from these two articles is that we should be very careful when we choose those password recovery questions.


The questions are usually pretty random, but sometimes we provide the answers to the world at large on our blogs and social networking sites.


After I read this article, I checked my accounts and changed my questions.


For more, read about how to choose strong passwords and keep them secret.

About the Author
Eve Blakemore

Group Manager, Trustworthy Computing

Eve Blakemore is a Group Manager for Trustworthy Computing who delivers consumer guidance around the latest trends in security and privacy. Eve joined Microsoft in 1998 and has worked in corporate and field roles with Microsoft Learning, US Public Sector,

Join the conversation

  1. Anonymous

    My e-mail address was blocked. I have no way of connecting with my contacts. How long will it be before my former address is operational?

  2. Anonymous

    The article is very interesting and helps us to avoid common pitfalls. It helps us to be very prudent while sharing the personal information which we share with the world at large.

  3. Anonymous

    This is not my secret question on Hotmail.

  4. Anonymous

    I forget "What was the name of my first pet?" Now what should I do?
