Tuesday, November 11, 2008

How Secure Is Your Email Account?

You might have read the recent story about a college student who hacked into Gov. Sarah Palin's Yahoo email account. The method used to hack the account was so simple that you and I could have hacked into her account in just a few minutes. Unfortunately, it is likely that the same method could also be used to hack into our personal email accounts.

Yahoo has an option you can click if you have forgotten your password. My understanding is that the hacker used the "forgotten password" option, entered in Gov. Palin's email account name, and then he answered a few simple questions like her birth date, home town, zip code, and where she met her husband. With a few minutes of internet research on Gov. Palin, a billion people on this planet could have gotten into the account.

I checked and discovered that my accounts weren't much safer. I have 5 email accounts on Yahoo. On two of those, the only security under the "forgotten password" option was the question asking for the name of my last pet. On another, the only security was the question asking for the name of my first school. The last two accounts asked for my birth date, home town, zip code and a security question. These are things that many people know or can find out. Is your email account any safer than mine or Gov. Palin's? Here's how you can find out, plus some steps you can take to improve the security:

1. Try to hack your account: This is easily done by clicking on the "forgotten password" option. You will then see just how easy or difficult it would be for someone to change your existing password and get into your email account. Keep in mind the number of places where you have filled out a form that asks for your birth date, address, and an email account--a lot of people have access to that information. Therefore, a lot of people are probably one simple, generic security question away from being able to hack your account, a question that is often as easy as "Name your favorite sport".

If you go through the steps and discover that only you have the knowledge to get through the email security, then congratulations to you and your email provider. If you think you need to beef up the security, then go on to step 2.

2. Improving your email security: The easiest way to improve the security is by not entering the correct information when you create the account. If you are signing up for a new email account, I would suggest using a fictitious birth date and address which would be almost impossible for anyone else to guess. If you want real information that is easier to remember, then use the birth date and address of your spouse, a parent, a child, etc.

For accounts that already exist, you need to change your information and security question to make the account harder to hack. I'm sure this is easy to do on some accounts and difficult on others. It might take some digging around or even sending off an email to your provider, but you will find a solution if you dig hard enough. I had to dig a little to find my solution with Yahoo, so go to step 3 if you have a Yahoo account and maybe I can save you some time.

3. Improving your Yahoo email security: Since 3 of my 5 Yahoo accounts were guarded only by a simple security question, my big concern was to change my security question to something only I would know. The only option I found to do this was to fill in an online form and email the form to Yahoo. Click on the following link to bring up that form (you will be prompted to log into your email account if you are not already logged in):

Yahoo! Secret Question & Answer Help Form
(that address is: http://help.yahoo.com/l/us/yahoo/acct/info/sqachange.html)

You'll need your current security question and answer, so I hope you remember that from step 1. You might also need to look up what you have on your account information for your name and zip code. You will find this information under the "Mail Options" on the email home page. At some point you might want to change your home town and zip code under these options (I never found a way to change my birth date on these existing accounts).

4. If this helped, then pass it on: I know the odds are slim that anyone would hack into any of your email accounts. Still, why take a chance on anyone getting in and reading your emails, or deleting all of your emails, or sending out emails under your account name? I hope you will take the time to look at your email accounts and make them more secure if needed. After that, please feel free to pass this along to your friends who might want to check the security on their accounts. The direct link to this post (which will probably be the only link on this blog) is:


(Note: There are plenty of other ways that people will try to get into your accounts, such as trying to trick you into entering your password in response to a fake email. The above is simply one thing you can do to make your accounts a little bit safer. Please feel free to leave a comment if you have any tips or info that relates to this subject.)

Don't Fall for this Simple Email Phishing Trick

It's a little disturbing that an email like this would get through the Yahoo spam protection since it is phishing for Yahoo account information. I hope that no one reading this is gullible enough to respond to an email like the following which is designed to trick you into giving away all of your key information:

Dear Account User

This Email is from Yahoo Customer Care and we are sending it to every Yahoo Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of yahoo accounts so we are shutting down some yahoo accounts and your account was among those to be deleted.We are sending you this email to so that you can verify and let us know if you still want to use this account.If you are still interested please confirm your account by filling the space below.Your User name,password,date of bith and your country information would be needed to verify your account.

Due to the congestion in all Yahoo users and removal of all unused Yahoo Accounts, Yahoo would be shutting down all unused Accounts, You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.
* Username: ..............................
* Password: ................................
* Date of Birth: ............................
* Country Or Territory: ................

After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences.

Warning!!! Account owner that refuses to update his/her account after two weeks of receiving this warning will lose his or her account permanently.

(Note: I started to highlight all the typos and grammar errors that should give this away as an item that didn't come from Yahoo. I think I did enough to make the point and you can amuse yourself by looking for the rest.)
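
As an added example (not part of the original post and not Yahoo's filtering), here is a small scoring heuristic a mail filter could apply to the kind of message quoted above. The indicator patterns, weights and threshold are assumptions chosen for illustration, and the benign message is constructed.

```python
import re

# Heuristic indicators for "reply with your login details" phishing.
# Patterns and weights are illustrative assumptions, not a vendor rule set.
INDICATORS = {
    "credential_form": (r"^\W*(user ?name|password|date of birth)\s*:[\s._]*$", 3),  # blank form field
    "reply_channel": (r"\b(clicking the reply button|reply to this (e-?mail|message))\b", 2),
    "deadline": (r"\bwithin \d+ (hours?|days?)\b", 2),  # short time limit
    "account_threat": (r"\b(suspended|deleted|shutting down|lose (his or her|your) account)\b", 2),
    "generic_greeting": (r"^dear (account|e-?mail) (user|owner)\b", 1),  # recipient not named
}
COMPILED = {name: (re.compile(p, re.I | re.M), w) for name, (p, w) in INDICATORS.items()}


def score_message(text):
    """Return (total score, sorted names of the indicators that matched)."""
    hits = sorted(name for name, (rx, _) in COMPILED.items() if rx.search(text))
    return sum(COMPILED[name][1] for name in hits), hits


def is_credential_phish(text, threshold=6):
    """Flag a message whose combined indicator weight reaches the threshold."""
    return score_message(text)[0] >= threshold


# Excerpt of the phishing message quoted in this post (lines re-wrapped).
PHISH = """Dear Account User

You will have to confirm your E-mail by filling out your Login Information below
after clicking the reply button, or your account will be suspended within 24 hours
for security reasons.
* Username: ..............................
* Password: ................................
* Date of Birth: ............................
"""

# Constructed benign message that mentions passwords without asking for one.
BENIGN = """Hi Sam,

Your password was changed on Tuesday. If this was you, no action is needed.
We will never ask you to send your password by email.
"""

if __name__ == "__main__":
    for label, msg in (("phish", PHISH), ("benign", BENIGN)):
        print(label, score_message(msg), is_credential_phish(msg))
```

No single indicator reaches the threshold on its own; the combination of a blank credential form, a reply instruction, a deadline and an account threat is what separates the quoted message from an ordinary notice that merely mentions a password.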