About a month ago, Alaska Gov. Sarah Palin’s Yahoo email account was hacked by a college student. We benefit from her misfortune by learning how he did it and making sure someone can’t do the same with our email accounts.
According to news sources, he needed only three pieces of information to gain access:
- Palin’s birthdate,
- Palin’s zip code, and
- The answer to Palin’s self-selected security question on Yahoo – where she met her husband.
A simple Google search gave him the first two pieces of information and he guessed the last one pretty easily.
So what’s a mediator to do? Here are four ideas and links to more:
Use a memorable lie. We’re an honest bunch, but there are good times to lie outright, and the security questions for your email is just such a time. Your mother’s maiden name? If your second cousin’s done genealogical research and posted any of it on the web (now quite common), a hacker can probably find out your mother’s maiden name with relative ease. Your high school school? Not very hard to find if you’ve ever been on a reunion site or your class officers have used the web to plan for reunions. Your dog’s name? No good if you’ve ever written anything that mentions him, even if it was for a print publication (since many now also digitize their article banks). So make up an answer to those required security questions – just make sure it’s an answer you’re likely to remember. Or better yet, if provided the option, create your own security question and answer, selecting something so obscure it’s unlikely to live anywhere on the Internet.
Obfuscate the answer to your security question. Choose a PIN or a unique phrase that you add to your answer for any account-access security question. For example, if the security question is What street did you live on when you were a child, your answer would be the street name (e.g., Portnoy Place) + your unique phrase (e.g., CrazyLikeaFox). The answer to the security question in this example would be: Portnoy Place CrazyLikeaFox.
Get a password manager. Password management applications help you choose and keep track of myriad passwords so that you don’t have to rely on the same password again and again (a hacker’s dream). I’ve seen good reviews for KeePass and 1Password, among others.
Change your passwords periodically. I know, I know, it’s a hassle. But less of one than retrieving your identity or trying to explain to a client how their confidential email to you ended up circulating on the ‘net. Set aside an hour every month or two and just plow through the sites on which you have accounts.
For more ideas and information, try these:
- Being smart about webmail
- How to protect your email from hackers
- Choose (and remember) great passwords
Making Mediation Your Day Job by Tammy Lenski is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License. Based on a work at MediatorTech.com.
