Tuesday, November 18, 2008

How Sarah Palin made my Yahoo id secure

Governor Sarah Palin's yahoo email id was hacked on Sep 17 2008. You can find more about the hacking here. This incident exposed the weakest form of password protection Yahoo practiced for years. The hacker used the reset the password option of Yahoo mail to reset Sarah Palin's email account to reset the password to a new password and then logged in using the new password.

Until this incident happened resetting password in yahoo was very simple. The three steps to hacking are as follows. Click on forgot password link on the mail.yahoo.com page after entering the username. Yahoo will ask you answer to a secret question. If you can guess the correct answer of this question then Yahoo will let you reset the password to a new password of your choice. How convenient!! As long as you know someone's pet's name or birth city or mom's maiden name this three steps will enable you to get into their yahoo mail account.

Unlike Yahoo, Gmail and other online accounts do not let anonymous users / hackers to reset your password. When password reset option is used in Gmail, Gmail sends a reset link to the users's secondary email account and Gmail requires the user to go to secondary email address to reset the password. This adds additional security to the system.

Within few days of Sarah Palin's password hacking incident I tried to reset my password in yahoo and found that it was a walk in the park for anyone who knew my first pets name, which includes almost every one of my friends!!! People at Yahoo must have been embarrassed by this incident that they finally decided to change the password reset option of Yahoo mail accounts. As the result of the change any reset attempt on my yahoo mail will result in sending a reset password link to my secondary email and thanks to Sarah Palin my email is more secure.

Although the governor couldn't convince enough people to vote for her she has certainly helped us in making our Yahoo email ids more secure.

No comments: