Social Networks: 'Key Under The Mat' problem

Social networks are places where a great deal of personal information becomes available, in most cases freely available to anyone who visits the profile. Since many security mechanisms expect the user to strengthen protection with a secret question/answer pair, that very feature can turn into a security hole, as The Internet Patrol points out in Use Facebook and Gmail? Your Gmail Password May be at Risk!.

The summary provided is this: if you use Gmail, and also use Facebook, it can be very easy for someone to crack the password of and access your Gmail account using Gmail's password retrieval feature. This is because Gmail's password recovery feature allows anybody to guess the answer to your "forgot password" reset security question. And if the answer to your forgotten password reset security question happens to be information easily gleaned from your Facebook account (or some other social network information), then hacking your Gmail account is as easy as typing in that password protection answer. (And we use the term "password protection" loosely.)

Don't feel badly if you in fact do have an easily-guessed security question 'protecting' your Gmail account. You're in good company. In fact, the recent hacking of Twitter founder EV's account, and an earlier hack into Sarah Palin's account, were likely both accomplished, at least in part, with this method.

Don’t feel badly - but do heed the warnings here! Make sure that the answer to your password reset security question is unguessable and unconnected to any personal information available about you online. And make sure that your secondary email account is one that you actually monitor.

The most common mistake is choosing the answer in too obvious a way. People are predictable: told to enter their mother's maiden name, they enter their mother's maiden name. But nothing obliges you to enter the literal answer. The goal is to enter something that, first, you are able to remember yourself; second, is not easy to guess; and third, does not appear anywhere in your social network records.
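The three conditions above can be checked mechanically. The following Python script is an added example (not code from the original post or from IPHost): it takes a constructed sample of the kind of data a public profile exposes, flags a candidate security answer if it is short, common, or recoverable from that profile, and generates a random answer from an embedded word list. The profile values, the common-answer set and the small word list are assumptions made up for the illustration; the approach assumes the generated answer is stored in a password manager rather than memorised.

```python
import re
import secrets

# Constructed sample of what a public profile might expose (illustrative, not real data).
PUBLIC_PROFILE = {
    "name": "Jane Smith",
    "hometown": "Springfield",
    "high_school": "Lincoln High School",
    "pet": "Rex",
    "mother": "Mary Johnson",   # a tagged relative leaks the maiden name
    "birthday": "1987-04-12",
    "favourite_team": "Red Sox",
}

# Answers common enough to be guessed without any profile at all (assumed list).
COMMON_ANSWERS = {"password", "fluffy", "max", "buddy", "none", "unknown", "idk"}

# Small embedded word list for random answers (assumption: a real deployment
# would use a large list such as a diceware list).
WORDLIST = ["granite", "velvet", "tundra", "quartz", "ember", "harbor", "lantern",
            "meadow", "nickel", "orbit", "pepper", "ripple", "saddle", "timber",
            "umbra", "walnut", "zephyr", "cobalt", "falcon", "glacier"]


def normalize(text):
    """Lowercase and keep only letters/digits, so 'Red Sox' and 'redsox' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def profile_tokens(profile):
    """Every whole value and every individual word of the profile, normalized."""
    tokens = set()
    for value in profile.values():
        tokens.add(normalize(value))
        for word in re.split(r"[\s\-]+", value):
            if word:
                tokens.add(normalize(word))
    return tokens


def is_guessable(answer, profile, min_length=8):
    """True if the answer is short, common, or recoverable from the public profile."""
    norm = normalize(answer)
    if len(norm) < min_length:
        return True
    if norm in COMMON_ANSWERS:
        return True
    tokens = profile_tokens(profile)
    if norm in tokens:
        return True
    # A profile word embedded in the answer (e.g. 'Springfield1987') is still weak.
    for token in tokens:
        if len(token) >= 3 and token in norm:
            return True
    return False


def generate_answer(n_words=4, wordlist=WORDLIST):
    """Random answer built with the secrets module; meant to live in a password manager."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    for candidate in ["Smith", "Johnson", "Springfield1987", "Lincoln High"]:
        print(f"{candidate!r}: guessable={is_guessable(candidate, PUBLIC_PROFILE)}")
    fresh = generate_answer()
    print(f"{fresh!r}: guessable={is_guessable(fresh, PUBLIC_PROFILE)}")
```

The substring check matters more than the exact-match check: people rarely type the profile value verbatim, but "pet name plus birth year" is still the first thing an attacker with the profile open will try.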

Many services also notify the user of attempts to answer their security questions. Simply monitoring your email for these notices (unfortunately, many users send them straight to the trash or disable them altogether), together with changing your password and secret answers periodically, can keep you from losing all your profiles and exposing your private data. Since many people use the same email address to register with a number of services, the loss of a single mailbox can have very grave consequences: whoever controls it can reset the password of every account tied to it.

Do not disregard the ubiquitous warnings and notices reminding you to change your password.

This article was brought to you by the developers of IPHost Network Monitor, network and server monitoring software.
