The volume of personal information on the internet is making the use of personal security questions a far less effective protection method, according to one expert.
Gary Warner, director of computer forensics research at the University of Alabama, Birmingham, outlined new risks which had surfaced in the aftermath of the Sarah Palin email attack.
Warner said in a blog posting that the attack shows just how simple it can be to obtain information to foil the 'personal information' questions used by many web services.
The questions are intended to ensure that only the intended user can reset an account password. Users are asked information that a stranger would not know, such as zip code or pet's name.
As users put more of their lives online through the use of social networking and personal sites, however, more of that once-personal information is becoming publically available.
Warner pointed out that the information used by suspected hacker David Kernell to access the Yahoo mail account of Alaska governor and vice-presidential candidate Sarah Palin was found through a few Google searches.
Authorities have since tracked down Kernell's surfing history in performing the attack and recently raided his apartment.
Kernell was able to obtain Palin's zip code and birth date through a search, and figured out where she met her husband through online biographical information.
Those three pieces of information were then used to reset Palin's password and access her account.
"Of course, it's worse if you are a celebrity," Warner noted. "Governor Palin, after all, has a biography written that will answer most of these questions."
Warner pointed out, however, that with a little additional effort, information on regular people can be found on social networking sites.
An attacker could pick up a targeted user's personal information and employment history from sites such as LinkedIn and Facebook, while personal and family history information can be obtained from directory sites such as Classmates.com or genealogy sites.
To remedy the problem, Warner suggests a healthy dose of dishonesty. Users should enter false information when asked about personal history.
"Lie. Be dishonest. Do not tell the truth. And then write down your security questions and put them wherever you keep your birth certificate and passport," wrote Warner.
"They force you to have a security question, but don't make it something the rest of the world can find out with a Google search."
First result in one of the biggest ever hacking attacks 13 Sep 2008
Hotel chain says only 10 customers affected by the breach - and none across Great Britain 27 Aug 2008
Five year-old flaw exploited to place 400 long-distance calls 22 Aug 2008
MIT students allowed to share research on card system flaws 21 Aug 2008
Unbreakable documents prove anything but 07 Aug 2008
Court rules 3FN must stop trading 05 Jun 2009
The most eccentric oddballs of the tech world 18 Jul 2009
New trains could reach speeds of 100 miles per hour 17 Apr 2009
Justin King announces funding to support green research projects at Imperial College London 16 Mar 2010
Chairman hints at plans for UK's first off-grid supermarket 16 Mar 2010
Head of World Business Council for Sustainable Development warns poor communication between politicians and private sector is blocking the development of effective green policies 16 Mar 2010
More news
Andrew Williams casts his eye over some of the most popular green driving aids on the market 16 Mar 2010
From hydropower hot spots to record-breaking Texan winds, we run down the top stories from the past week 12 Mar 2010
Few debates cast the UK's business and political community in such an unedifying light as the never-ending row over skills.... 12 Mar 2010 More in-depth
Post your comment
Send an email to the Business Green editor at feedback@businessgreen.com
