The Security Question Vulnerability
How easy is it to break into your Gmail account? How about Yahoo! Or Windows Live?
If you provided a truthful answer to the security question during signup, it is probably quite easy to hijack your account, with just a little bit of a research.
Take a look at the Yahoo! Security Questions:
Are these security questions?
Anyone that knows my address can easily figure out the name of my first school or my high school mascot. All of my neighbors, family and friends know both my dog’s name and my dad’s middle name, and everybody in the world knows I just LOVE the Lakers. As for my wife and me, the people who attended our wedding had the chance to hear about it in the ceremony – in case you couldn’t make it, we met on a roof of a bus, in Ladakh, India in 1994…
The fact that the answer to each of the security questions above is relatively easy to find out, makes them a security vulnerability in my Yahoo! account.
By letting me make a security key based on the name of my first school, Yahoo! actually puts me at risk, allowing anyone that knows where I live to hijack my account. It’s like saying “We have the greatest lock to protect your house. Now, why don’t we hide the key under the mat”.
Windows Live is pretty much the same as Yahoo!:
Gmail is the only one of these three that allows you to choose your own question.
By letting you do that, Gmail asks “which question only you can answer?” I think that most people might still come up with “Who is my favorite singer”, “What is my date of birth” or “My dog’s name”.
However, that isn’t a security vulnerability encouraged by Google. If they give you the tools and you fail to use them, it’s not their fault.
So, what can we do about it?
If you can write your own question, How to unblock Facebook that would be the best. If not, choose the question about the name of your first school and put your first phone number as the answer. That’s what I did!
Got better ideas? Share them with us!