Keep password clues in your head

Q: Because this has been in the news lately: How can I keep my Web mail password secure from hackers trying to guess it?

A: Last week, Republican vice presidential nominee Sarah Palin suffered a cruel little invasion of privacy: Somebody logged into the Alaska governor's Yahoo account and browsed through her mail. This person, still unknown, apparently pulled this off by guessing the answer to the security question on Yahoo's password-reset page: "Where did you meet your spouse?"

Most of us aren't public figures whose lives are chronicled in books, newspaper articles and Wikipedia, but the same issue applies. If somebody else can answer your security question — a common back door offered for users who forget their login and can't get it e-mailed to a secondary e-mail address — he doesn't need to guess your password or steal it with a phishing scam or a keystroke-logging virus.

You can minimize that risk by choosing a question with an answer that's only in your head, not on the Web. (Remember, "the Web" includes whatever's on your profile at Facebook, MySpace or another social-networking site, even if that information isn't shown to strangers.)

Here's how to change an existing security question to something less guessable at the three major Web mail services:

  • At Yahoo, log in and click the "My Account" link above your inbox. Then click the "Help" link. The Help page's "Secret Question" link leads to instructions on how to change this.
  • In Google's Gmail, log in and click the "Settings" link. On that page, click the Accounts tab, then the "Google Account settings" link.
  • In Microsoft's Hotmail, log in, click your e-mail address at the top right of the screen, and select "View your account" from its drop-down menu.

Share This Story