How Sarah Palin's Yahoo email was Hacked
Posted Monday, September 22, 2008 9:32 PM by hwaldron
For web-based email accounts like Yahoo, Gmail, or Hotmail, it is important to use complex passwords and keep them confidential. However, it is just as important to safeguard the "secret questions" that allow for password recovery, where the password is emailed back to you at a different account after all secret questions have been answered successfully.
One safety practice is to intentionally enter "wrong or misspelled answers" for those secret questions, so that the current password is not mailed back to someone trying to hack these types of email accounts.
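One way to apply this practice, shown as an added example that is not part of the original post: a Python sketch that flags recovery answers matching facts anyone could look up about the account owner and proposes random replacements to record somewhere safe. The word list, function names and sample data are constructed for illustration.

```python
import re
import secrets

# Small constructed word list; a real one should be far larger so that
# each word contributes more entropy.
WORDS = ["amber", "bison", "cedar", "delta", "ember", "fjord", "gravel",
         "harbor", "indigo", "juniper", "kettle", "lantern", "marble",
         "nectar", "orchid", "pebble"]

# Constructed sample data, not taken from any real account.
SAMPLE_ANSWERS = {
    "Date of birth?": "1970-01-31",
    "ZIP code?": "00000",
    "Where did you meet your spouse?": "Example High School",
    "First pet's name?": "lantern-cedar-orchid-bison-ember",
}
SAMPLE_PUBLIC_FACTS = ["1970-01-31", "00000", "example high school"]


def normalize(text):
    """Lower-case and keep only letters and digits, the way a forgiving
    recovery form might compare answers."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def random_answer(n_words=5):
    """An answer unrelated to the question, chosen with a CSPRNG."""
    return "-".join(secrets.choice(WORDS) for _ in range(n_words))


def audit_answers(answers, public_facts):
    """Return {question: replacement} for each answer that overlaps a
    publicly findable fact. An empty answer is flagged as well."""
    facts = {normalize(f) for f in public_facts if normalize(f)}
    replacements = {}
    for question, answer in answers.items():
        norm = normalize(answer)
        if any(f in norm or norm in f for f in facts):
            replacements[question] = random_answer()
    return replacements


if __name__ == "__main__":
    for q, new in audit_answers(SAMPLE_ANSWERS, SAMPLE_PUBLIC_FACTS).items():
        print(f"{q} -> replace with: {new}")
```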
How Sarah Palin's Yahoo email was Hacked
http://www.eweek.com/c/a/Security/Sarah-Palin-Hack-an-Example-of-Password-Recovery-Backfire/
QUOTE: The ease with which Republican vice presidential candidate Sarah Palin's e-mail was hacked is striking and underscores the importance of improving privacy questions for password recovery. A person claiming responsibility for the hack posted details of what he did Wednesday on a 4chan.org message board. The handle of the poster has been linked to the 20-year-old son of Tennessee Democrat Mike Kernell.
Yahoo required the user provide Palin’s birthday and zip code, which the hacker said he found through Wikipedia and Google. The final security measure required him to answer a question regarding where Palin met her spouse; another Google search turned up the answer.