The Weakest Link Is You

It's surprising the ease with which passwords can be got. Back in October, my 12 year old daughter asked why she could so easily access my iTunes account and change the password if she wanted. While she was trying to play a song purchased from my account on her computer, iTunes prompted to authorize playback. The software presented a dialog box with my email address as the user name and a space for password.

Alongside the blank space for the password was a button asking, "Forgot password?" By clicking on this button, my daughter ended up at a page asking for my birthday, which she knew, and the answer to a secret question. I had simply put in a single word, "Maine," instead of drafting a question. After several guesses, my daughter chose "moose," which got her into the account. Microsoft Watch - Security - The Weakest Link Is You

Linked by shanmuga Friday, 12th January 2007 2:33AM