For almost every password-protected website there’s a way to recover your password – the “Forgot Your Password?” link is ubiquitous. But it’s also dangerous. 

If you want to recover your password, chances are someone else can recover it for you. Most password-recovery systems ask a series of “security” questions such as “What is your cat’s name?” or “Where did you grow up?” The problem is that in the age of Google and social networking sites like Facebook, that information is no longer secret.

Some web security experts are now calling these password reset tools the weakest link in Web security.

One web expert asked permission to hack into the bank accounts of several friends. Using only information he found online, he was able to trigger the bank’s password reset, get into the target’s email account via another password reset, and from there take over the bank accounts. You can read more about his “social hack” experiment, published on Scientific American.

Security experts are positing that it won’t be long before portfolios of personal information will be bought and sold for large-scale password-reset hacking attempts.

So, what’s the solution? Coming up with secure challenge questions is not an easy task. A set of preference questions (such as “Do you like opera?”) may work more effectively than fact-based questions, since tastes are harder to look up online than facts. There’s a fabulous discussion about this password issue going on at MSNBC’s Red Tape Chronicles.

Great reference for additional reading: Security Questions in the Era of Facebook (PDF) by Ariel Rabkin.

Via Red Tape; image: clarita @morguefile
