
The Palin Hack: Why most question recovery systems suck

Motley Fool wrote an article blaming Yahoo! for the Palin hack. Computerworld has pointed out that Gmail, Yahoo, and Hotmail are vulnerable as well. To be clear, any site that supports answering common questions as a way to restore account access is vulnerable. The issue is not that these sites are vulnerable and others aren't; the problem is the concept itself of relying solely on asking for a person's maiden name, zip code, hometown, etc.

A better solution would be to require that people make up their own question and answer, and to disallow dictionary words, zip codes, common variants, etc. as the answer; or to require a backup vector (a backup email address or an SMS message to their cell phone) to obtain a short-lived, one-time recovery token. Even these aren't the best solutions, but they are certainly a step up.
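The two mitigations above, as an added example that is not part of the original post: an answer-quality check that rejects short, numeric and common answers, and a recovery-token store that hands out single-use tokens which expire after a short window and keeps only their hash. The denylist and the 8-character minimum are assumptions for the example; a deployment would use a real dictionary and zip-code list.

```python
import hashlib
import secrets
import time

# Constructed denylist for the example; a real deployment would load a full
# dictionary plus zip-code and place-name lists.
COMMON_ANSWERS = {"wasilla", "anchorage", "smith", "jones", "99654", "fluffy"}


def answer_is_acceptable(answer: str, min_len: int = 8) -> bool:
    """Reject answers that are short, purely numeric (zip codes) or on the denylist."""
    normalized = "".join(answer.lower().split())
    if len(normalized) < min_len or normalized.isdigit():
        return False
    return normalized not in COMMON_ANSWERS


class RecoveryTokenStore:
    """Issues single-use recovery tokens meant to be delivered over an out-of-band
    channel (backup e-mail or SMS). Only a SHA-256 digest of each token is kept,
    so a leaked table does not expose live tokens."""

    def __init__(self, ttl_seconds: int = 600, now=time.time):
        self.ttl = ttl_seconds
        self.now = now  # injectable clock so expiry can be tested deterministically
        self._pending = {}  # token digest -> (account, expires_at)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of CSPRNG entropy
        self._pending[self._digest(token)] = (account, self.now() + self.ttl)
        return token  # send over the backup channel, never render it on the page

    def redeem(self, account: str, token: str) -> bool:
        # pop() makes the token single-use: success, expiry or mismatch all consume it
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return False
        owner, expires_at = entry
        return owner == account and self.now() <= expires_at
```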

Anyone else have a suggestion for a better fix? If so please post a comment.



The problem was, by far, not the quality of questions for password reset. The problem was a combination of:

1) Yahoo automatically logs the user in after answering password reset questions, but only if there is no email address attached
2) Palin did not have a secondary email address attached to her Yahoo account
3) Once the attacker answered Palin's foolishly simple forget-password security questions, they were immediately granted access to the account

No moose meat for you!