Difference between revisions of "Reset passwords and security questions"

(Created page with "{{Scenario Task |Scenario Task Format=Solution |Scenario Task Parent=I want to protect my email account from unauthorised access |Scenario Task Type=Hacking, Unauthorised Acce...")
 
m
Line 3: Line 3:
 
|Scenario Task Parent=I want to protect my email account from unauthorised access
 
|Scenario Task Parent=I want to protect my email account from unauthorised access
 
|Scenario Task Type=Hacking, Unauthorised Access
 
|Scenario Task Type=Hacking, Unauthorised Access
|Scenario Task Description=Password are easily forgotten (unless you are using a [https://securityinabox.org/en/guide/keepass/windows password program) and the service provider offers several opportunities for you to reset this password or to prove your identity. Whilst often necessary, both options may result in a security risk and need to be thought through carefully in advance. Please read this [http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/ Wired article from Matt Honan] for an excellent description of the problem.
+
|Scenario Task Description=Password are easily forgotten (unless you are using a [https://securityinabox.org/en/guide/keepass/windows password program] and the service provider offers several opportunities for you to reset this password or to prove your identity. Whilst often necessary, both options may result in a security risk and need to be thought through carefully in advance. Please read this [http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/ Wired article from Matt Honan] for an excellent description of the problem.
  
 
# Resetting a password by sending the code to another email account opens up another attack vector for the hacker. If they can break into one account and then request the reset password to another account to be sent there, you are worse off than before
 
# Resetting a password by sending the code to another email account opens up another attack vector for the hacker. If they can break into one account and then request the reset password to another account to be sent there, you are worse off than before
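Review bot: The parenthesis opened at "(unless you are using a" in the Scenario Task Description is still unclosed after this change; add ")" directly after the "]" that now ends the password program link. The same line still begins "Password are", which should read "Passwords are", and the numbered item kept as context below it ends without a full stop.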

Revision as of 18:21, 27 August 2015

Solution - Hacking, Unauthorised Access


Passwords are easily forgotten (unless you are using a password program), and the service provider offers several opportunities for you to reset this password or to prove your identity. Whilst often necessary, both options may result in a security risk and need to be thought through carefully in advance. Please read this Wired article from Mat Honan for an excellent description of the problem.

  1. Resetting a password by sending the code to another email account opens up another attack vector for the hacker. If they can break into one account and then request that the password reset for another account be sent there, you are worse off than before.
  2. Setting a security question based on personal information (e.g. your mother's maiden name) means the attacker now only needs to find out this information in order to reset your account password and gain access.

If at all possible, it is best not to set any reset options. If you want this option or are required to set one, put yourself in the hacker's shoes and make sure their task won't be easy.



