learn.equalit.ie
Scenario Task: Reset passwords and security questions
Description:
Passwords are easily forgotten (unless you are using a [https://securityinabox.org/en/guide/keepass/windows password manager]). This is why most service providers offer several ways to reset your password: by sending a reset link or code to another email address, or by asking you a personal question of your choice to prove your identity. Often necessary, both options also create a security risk and need to be thought through carefully in advance. For an excellent description of the problem, read this [http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/ Wired article by Mat Honan], in which the takeover of one account was used to reset the next. To make a long story short:

# Resetting a password by sending a code to another email account opens up a second route into the first account. If an attacker can break into the recovery account and request a reset from there, the protected account is only as secure as the weaker of the two; and if two accounts can each reset the other, compromising either one yields both, so you are worse off than before.
# Setting a security question based on personal information (e.g. your mother's maiden name) means the attacker only needs to find out that information in order to reset your password and gain access to your account. Such facts are often public or easy to obtain.

If at all possible, it is best not to set any reset options. If you want this option or are required to set one, put yourself in the attacker's shoes and make sure their task won't be easy: use a recovery address that is at least as well protected as the account it can reset, and answer security questions with a random string kept in your password manager rather than the true answer, so that the "answer" is just a second password.
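As an added illustration of the first point above (this is not code from the original page; the account names and their reset links are constructed and hypothetical), the reset relationships between accounts can be written down as a graph and traced: an edge from A to B means "a password reset for B can be completed from A". Walking the graph shows every account that falls once a single one is compromised, and finds pairs of accounts that can reset each other.

```python
"""Trace account-recovery chains: which accounts fall if one is compromised?

Added example, not part of the original page. RECOVERY is a constructed,
hypothetical set of accounts: RECOVERY[A] lists the accounts whose password
reset can be completed from A (they send their reset link to A, or A holds
the information that answers their security question).
"""


# Constructed sample data (hypothetical account names).
RECOVERY = {
    # main-email sends its reset code to old-webmail
    "old-webmail": ["main-email"],
    # bank, social and old-webmail all send their reset links to main-email
    "main-email": ["bank", "social", "old-webmail"],
    "social": [],
    "bank": [],
}


def reachable(graph, start):
    """Return every account an attacker gains after compromising `start`.

    Depth-first walk over the reset edges; `start` itself is not reported
    even when a cycle leads back to it.
    """
    seen = set()
    stack = [start]
    while stack:
        node = stack.pop()
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    seen.discard(start)
    return seen


def mutual_resets(graph):
    """Pairs of accounts that can reset each other, directly or via a chain.

    These are the 'worse off than before' cases: compromising either account
    yields the other.
    """
    pairs = set()
    for a in graph:
        for b in reachable(graph, a):
            if a in reachable(graph, b):
                pairs.add(tuple(sorted((a, b))))
    return sorted(pairs)


def blast_radius(graph):
    """Rank accounts by how many others fall with them (largest first)."""
    return sorted(((len(reachable(graph, a)), a) for a in graph), reverse=True)


if __name__ == "__main__":
    for count, name in blast_radius(RECOVERY):
        print(f"{name}: compromising it also yields {count} account(s): "
              f"{sorted(reachable(RECOVERY, name))}")
    print("accounts that can reset each other:", mutual_resets(RECOVERY))
```

In the constructed data the forgotten "old-webmail" account is as valuable to an attacker as the main mailbox, because it can reset the main mailbox and, through it, everything else; removing the edge from old-webmail to main-email (i.e. not using the old address as a recovery option) drops its blast radius to zero. Replace the sample map with your own accounts to see which recovery link deserves the most attention.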