Don't Fall For This New Scam! "Forgot Your Password"

[MA-Caver]

"Forgot your password" links the easy way in for hackers

http://tech.yahoo.com/blogs/null/104079
Never mind creating a password with at least eight characters, two of which are numbers, one of which is a capital letter, and one of which is a symbol like (*&^%$). The easiest way for a hacker to weasel into your account is likely the "Forgot your password?" link."Forgot your password?" features are older than the Internet, providing businesses and site owners a simple way to let a user reset a forgotten password, provided he can verify his credentials by asking a few personal questions that only the rightful user should know.
For years the archetypal question was, of course, the "Mother's maiden name" challenge. In recent years, additional challenges have emerged, such as asking the street you grew up on, your favorite pet, and grandparents' first names.
Is all of this stuff really secure? More than one researcher is sounding the alarm over these tools, noting that while this data may have been private a decade ago, in an era of personal blogs, online resumes, and rampant social networking services, "personal" information drawn from your past is now widely available for public consumption. According to a researcher at PARC, you can even buy black market directories of personal information "like dog's names," for about $15 per batch. It's certainly a lot easier than guessing passwords like AHFplug41*.
Think this doesn't happen? There aren't any statistics available, but these hacks are widely suspected in myriad cases where accounts have been compromised. (Even Paris Hilton is said to have fallen prey to the "what is your dog's name?" password reset hack. It doesn't help to have one of the most infamous dogs in America...) But if you need more proof, check out this "how I did it" step by step guide to hacking a password from one writer at Scientific American. In about an hour, it seems, our researcher managed to compromise one (willing) victim's life entirely through password reset links.

A never ending battle between good and evil.

 

[Andrew Green]

Yep, sites that require me to enter such easily accessible information as "security" features really annoy me. Anyone with a basic grasp of security should have been able to see that major hole.

 

[Cryozombie]

Typically When asked, I put that information in, I make up answers that I will easily remember but is also false.

 

[punisher73]

Typically When asked, I put that information in, I make up answers that I will easily remember but is also false.

Ditto. Especially the "mother's maiden name" part, that info is used for alot of other legitimate stuff that you don't want someone getting a hold of.

 

[tshadowchaser]

Most of what i register on any site is false
I have a problem with people ido not know knowing who my mother was or where I live or lived

 

[terryl965]

O agree **** those passwords

 

[MA-Caver]

Hi MACAVER,

You are receiving this email because a new password was requested for your YouTube account. If you did not request a new password for this account, ignore this email and continue to use your current password.
If you do wish to reset your password, please use the following link: http://www.youtube.com/my_profile_email_password?action_forgot_password=username=MACAVER
See you back on YouTube!
- The YouTube Team

Heh, know what's funny about this... I didn't request a new password. I'm definitely ignoring this. But at least it shows the scammers are working...