We’ve been looking at the various ways your email password can be hacked. Besides being stolen, figured out or given away through social engineering, another way to get at your password is for a hacker to successfully answer your security questions. Probably the most famous incident of this kind happened in 2008, when David Kernell, a 20-year-old college student, successfully answered the security questions of then vice-presidential candidate Sarah Palin. (He wound up convicted and in prison.) For this reason, some email services like Gmail have discontinued the use of security questions as a means of changing your password. In another recent news event, Yahoo has instructed users to delete their security questions and answers because of the huge hack of their service.
If you still use an email service where security questions are used to reset your password, you should consider these ideas:
- Don’t answer a security question truthfully. For instance, I had a customer answer the question “Favorite singer?” with “Elvis” because anyone who knew him knew he never liked Elvis’ singing. Unfortunately, Elvis is a very popular answer, so a hacker might try it whether or not he or she knew my customer.
- Don’t spell an answer correctly. While capitals and lower case don’t usually make a difference in a security question answer, spelling does. For instance, if we were answering the question “First make of car?” we might answer “Foooord” instead of “Ford.”
- Keep a record of your answers somewhere secure, since you probably won’t remember them in the future.
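The three tips above amount to treating each security answer as a second password: unrelated to the truth, not a common word, and written down somewhere safe. The script below is an added illustration of that approach and is not part of the original post. It generates a random answer for each question, rejects anything that appears in a small list of common guesses (that list is constructed here for the example, not drawn from real breach data), reports how many bits of guessing resistance the answer carries, and returns the question-to-answer record you would then store in a password manager.

```python
import json
import math
import secrets
import string

# Constructed sample of answers that are so common a guesser would try them
# first. Illustrative only; compare against a real list in practice.
COMMON_ANSWERS = {"elvis", "ford", "fluffy", "smith", "pizza", "blue"}

# Lower-case letters and digits: most sites accept these in an answer.
DEFAULT_ALPHABET = string.ascii_lowercase + string.digits


def is_guessable(answer: str) -> bool:
    """True if the answer is a common guess.

    Comparison ignores case because, as the post notes, case usually does
    not matter for security answers, while spelling does ("Foooord" passes).
    """
    return answer.strip().lower() in COMMON_ANSWERS


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)


def generate_answer(length: int = 16, alphabet: str = DEFAULT_ALPHABET) -> str:
    """Produce a random answer using the OS CSPRNG (the `secrets` module)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def build_record(questions: list[str], length: int = 16) -> dict[str, str]:
    """One random, non-guessable answer per question.

    The returned mapping is the record the post says to keep; protect it
    like a password (e.g. store it in a password manager).
    """
    record: dict[str, str] = {}
    for question in questions:
        answer = generate_answer(length)
        # Vanishingly unlikely for 16 random characters, but cheap to enforce.
        while is_guessable(answer):
            answer = generate_answer(length)
        record[question] = answer
    return record


if __name__ == "__main__":
    # Constructed sample questions of the kind the post mentions.
    sample_questions = ["Favorite singer?", "First make of car?"]
    print(f"{entropy_bits(len(DEFAULT_ALPHABET), 16):.1f} bits per answer")
    print(json.dumps(build_record(sample_questions), indent=2))
```

For comparison, a truthful answer like “Ford” is one of a few hundred car makes, so it carries well under 10 bits of guessing resistance; a 16-character random answer over letters and digits carries about 83, which is why the random approach makes the question no weaker than the password it protects.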