According to Wired, hacking VP-hopeful Sarah Palin's email account was easy: all the hacker needed was Palin's birthdate, ZIP code, and the name of her high school—all of which are no more than a Google search away. In fact, password security questions may have always been the weakest link in email security, since anyone with an acquaintance's knowledge or access to the internet can divine answers to most of your security questions within minutes. So how can you make sure your email account is secure?
Obscure the answers to your security questions
Password retrieval tools are there for a good reason, and most of them aren't going anywhere. You can do your best to choose the most obscure questions when you're signing up for a new account, but you still can't guarantee that that information is outside of the reach of anyone.
The real key lies in obscuring your answers. We've covered how to choose memorable-but-obscured answers to security questions before using blogger danah boyd's method, but here's a quick recap:
The basic structure is:
[Snarky Bad Attitude Phrase]+ [Core Noun Phrase]+ [Unique Word]
Although these are not my actual phrases, let's map them for example:
- Snarky Bad Attitude Phrase = StupidQuestion
- Unique Word = Booyah
Thus, when I'm asked the following question: What is your favourite sports team?
My answer would be: StupidQuestion SportsTeam Booyah
The only question in Palin's account that offered any difficulty asked where she met her spouse. The hacker correctly guessed Wasilla High, Palin's high school. If Palin were to have followed the technique above, the answer could have looked more like InsecureQuestion Spouse Awesome.
Of course you're not limited to the technique above by any means, and you could build your own system to provide unique but secure answers (more secure than your post code by itself, at least). Simply adding and remembering PIN of some sort for every answer would go a long way. (e.g., 5429 Wasilla High).
Choosing a secure password
While security questions are a major weak link, passwords are just as easy to break if you aren't using a strong one. Again, we've covered how to choose and remember great passwords in the past, and there are even several strong password generators available to help you pick a secure password.
If you prefer to choose the password yourself, don't use simple words, especially by themselves. As security expert Bruce Schneier points out:
...a typical password consists of a root plus an appendage. A root isn't necessarily a dictionary word, but it's something pronounceable. An appendage is either a suffix (90 percent of the time) or a prefix (10 percent of the time).
So if you want your password to be hard to guess, you should choose something not on any of the root or appendage lists. You should mix upper and lowercase in the middle of your root. You should add numbers and symbols in the middle of your root, not as common substitutions. Or drop your appendage in the middle of your root. Or use two roots with an appendage in the middle.
All of your new passwords will be much more difficult to hack, but they're also very difficult to remember. Luckily there isn't all that much to it. All you need is to find yourself a solid password manager to keep track of the details for you. Check out our roundup of the five best password managers for more.