Personal email accounts are used for more than email these days, given the popularity of social networking sites such as Orkut and Facebook, where users enter their email addresses.
The security question plays a very important role in maintaining an account at webmail sites. Many users do not pay attention to this option and often tend to forget the answer. However, if the question is not properly maintained and changed often, the password reset function at these sites can be exploited to get into an email account when the answer to the security question is very easy (the questions in the predefined list ask for personal information related to your pet, favorite teacher, best friend, or frequent flyer number). With the limited choice of security questions available to a webmail user, a hacker can get the answer using social networking skills, or even using the popular brute-force attack (there is no account lockout while trying to answer the security question).
If a user forgets his password, he has to reset it either by answering the security question or by receiving his password reset instructions by email at another account (optionally chosen as a secondary address at account sign-up). In the former scenario, access to a user’s account is only a security question’s answer away for a hacker.
Therefore -
- It is best to define your own security question if the option is allowed.
- Always provide the optional secondary email address at account sign-up. That way, during a password reset request, the instructions are sent to that email address.
- Change the security question often (possible at Gmail).
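On the service side, the missing account lockout mentioned above is the control that stops answer guessing. The sketch below is an added example, not code from this post or from any webmail provider; the class name `ResetGuard`, the account name, and the threshold and lockout values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5            # assumed threshold; tune to site policy
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window


def _digest(answer: str, salt: bytes) -> bytes:
    # Normalise case and whitespace, then stretch with a slow KDF so a
    # leaked answer store is costly to guess against offline.
    normalised = " ".join(answer.lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", normalised, salt, 100_000)


class ResetGuard:
    """Checks security-question answers with a per-account failure limit."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._answers = {}    # account -> (salt, digest)
        self._failures = {}   # account -> (failure count, locked_until)

    def enroll(self, account: str, answer: str) -> None:
        salt = os.urandom(16)
        self._answers[account] = (salt, _digest(answer, salt))

    def check(self, account: str, answer: str) -> str:
        """Return 'ok', 'wrong' or 'locked'."""
        count, locked_until = self._failures.get(account, (0, 0.0))
        now = self._clock()
        if now < locked_until:
            return "locked"   # guesses are not evaluated while locked
        if locked_until:
            count = 0         # lockout expired, start a fresh window
        record = self._answers.get(account)
        if record and hmac.compare_digest(_digest(answer, record[0]), record[1]):
            self._failures.pop(account, None)
            return "ok"
        count += 1            # unknown accounts are counted like wrong answers
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self._failures[account] = (count, locked_until)
        return "wrong"
```

Once the limit is reached, even the correct answer is refused until the window expires, so each account allows only a handful of guesses per lockout period.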
 