Sarah Palin and Internet Security

The recent news about a hacker getting into Gov. Sarah Palin's Yahoo mailbox offers at least one lesson about Internet security. When you have a login account on a website that uses a "security question" to recover your password, choose a question whose answer someone can't look up or guess from knowing your basic biography. Gov. Palin's secret question apparently was "Where did you meet your husband?", and the answer was on her Wikipedia page.

It did take some guessing though, because the answer was not just "Wasilla", but "Wasilla High". The account I've read says the hacker was at the "I've forgotten my password" page for 45 minutes until he guessed the right answer. This also seems like a lapse on Yahoo's part, that someone could submit several wrong answers to the secret security question without their system locking the account or locking the password recovery option.

PS. The above should not be construed as a defense of what the hacker did. If someone steals my car, he is a car thief. I may conclude it would be more prudent to get better locks on my next car, but it doesn't mean I 'deserved' to have the car stolen because I didn't have good locks on it.
