‘Forgot your password?’ provides easy gateway into your ‘secure’ accounts
I’ve known about this problem for quite some time because I’ve experimented with it myself:
“Almost everyone forgets a Web site password once in a while. When you do, you click on the familiar Forgot your password? link. As an experiment, Thompson recently asked a few friends for permission to ‘hack’ into their bank accounts. Using only information gathered from Web sites such as Facebook, he found his way into each account within minutes.”

[...] when I wrote about how “forgot your password” security questions were an easy in for hackers to get into your online accounts? Well, just last night I was remarking to a coworker that I bet that’s how Sarah Palin’s [...]