What Sarah Palin Can Teach You About “The Information Super Highway”.
A couple of days ago someone hacked into Sarah Palin’s e-mail account…
… her personal e-mail account, not her official Alaska-government one.
It was a Yahoo! account that she used for both personal and government business.
The hacker has posted an account of how he or she hacked into the account.
Magic?
No, the hacker simply had to guess the “secret” information that Yahoo! demands for resetting an account’s password. Finding this secret information took less than 45 minutes of research on the Wikipedia online encyclopedia and other sites (think Social Networking etc.).
Once the hacker got the authorisation to reset the password, he or she could read anything in the e-mail account …
… or send messages masquerading as Sarah!
Now, you can see right away that she shouldn’t have been conducting official business from a Yahoo! account. For one thing, it keeps state business out of the public record, which is illegal. For another, the security is inadequate. But what this should remind us of is how vital it is to protect our e-mail accounts (even if they are a less juicy target than Sarah Palin’s).
If you choose a weak password, it’s pretty easy for a hacker to break it using a “dictionary” attack (a list of possible passwords in descending order of likelihood). But even if you choose a strong password, the password-reset mechanism can nuke your security. So play it safe.
With a system similar to Yahoo’s, this means:
Whichever of the security questions you choose, don’t give publicly available information.
Give a fake date of birth … this is security information, not an identity check.
Give a different postcode … anybody who knows where you live can look up your postcode, so don’t use the real one.
Get the idea?
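The three rules above, as an added example that is not part of the original post: a short Python check that flags any password-reset answer that can be rebuilt from facts a stranger could look up, and proposes a random replacement to store in a password manager. The person, the facts, the answers and all function names here are constructed for illustration.

```python
import re
import secrets

# Constructed sample data: facts a stranger could find online about the owner.
PUBLIC_FACTS = [
    "Born 3 March 1970 in Exampleton",
    "Lives at 12 Sample Road, AB1 2CD",
    "Attended Exampleton High School",
]
# Constructed sample data: answers currently stored for account recovery.
ANSWERS = {
    "Date of birth": "3 March 1970",
    "Postcode": "ab12cd",
    "Favourite film": "k7Qx-unrelated-93",
}

def tokens(text):
    """Lower-cased runs of letters and digits, e.g. '3 March' -> {'3', 'march'}."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def collapse(text):
    """Strip case, spaces and punctuation so 'AB1 2CD' equals 'ab12cd'."""
    return "".join(re.findall(r"[a-z0-9]+", text.lower()))

def is_guessable(answer, public_facts):
    """True if the answer is empty or can be rebuilt from the public facts."""
    answer_tokens = tokens(answer)
    if not answer_tokens:
        return True  # an empty answer protects nothing
    known = set().union(*(tokens(f) for f in public_facts))
    if answer_tokens <= known:
        return True  # every word of the answer appears in a public fact
    return any(collapse(answer) in collapse(f) for f in public_facts)

def fake_answer(public_facts, nbytes=12):
    """Random answer to keep in a password manager instead of the real one."""
    while True:
        candidate = secrets.token_urlsafe(nbytes)
        if not is_guessable(candidate, public_facts):
            return candidate

def audit(answers, public_facts):
    """Map each guessable question to a random replacement answer."""
    return {q: fake_answer(public_facts)
            for q, a in answers.items() if is_guessable(a, public_facts)}

if __name__ == "__main__":
    for question, replacement in audit(ANSWERS, PUBLIC_FACTS).items():
        print(f"{question}: guessable, replace with {replacement}")
```

Where a site insists on a real-looking date or postcode, pick a false value of that shape and run it through `is_guessable` before saving it.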
Stay Safe
