Hackers Delight: “Forgot your password” links give hackers easy access
September 8, 2008 – 3:12 pm
Have you recently forgotten your password and clicked on a “Forgot your password” link to obtain or reset it?
Did you ever think that this would be a way that a hacker could get a hold of your password? Do you know that it is easier for a hacker to get into your account via the “Forgot your password?” link?
Resetting a forgotten password is a very old process, and one on which hackers may have the upper hand over the internet. Many of us have used such a process to reset or obtain a forgotten password online. Many of these processes ask for additional credentials so that the system can confirm that you are who you say you are. As we discussed in our article about how personal security questions on sites create a serious security risk, the same types of security questions are asked and answered by thousands of computer users each day over the internet.
What is being done to protect this information that may let hackers gain access to your personal accounts over the internet?
According to many security researchers, not enough is being done, as much of this “private” information is readily available to those with the knowledge to find it. Do you have a personal blog or website viewable by anyone with internet access? It is just that easy for a hacker to get hold of answers to the personal questions that are asked when you attempt to reset or retrieve your password via a “Forgot your password” link. You may mention your dog’s name, your mother’s maiden name or even the high school that you graduated from. All of these are commonly used security questions asked in retrieving or resetting a password online.
The strength of your password is ineffective when all a hacker needs is the name of your dog.
So much emphasis is placed on creating a strong and secure password, but wouldn’t it be so much easier for a hacker to guess a dog’s name than a password that looks like this: “RHLroar319”? This process may take place through a “Forgot your password” link more than you think. You may also find yourself on a phishing website that asks for the answers to common security questions used by account logins or password retrieval pages.
Although there are no definite statistics that support the fact that this type of phishing is happening, the fact remains that it does happen and has affected many computer users around the world who utilize the internet. It is advisable to be mindful of the information that you give out to web sites when creating, editing or filling out an online form that asks you to answer security questions.


