In the news: The young man who allegedly ‘hacked’ Sarah Palin’s email account has come up for trial. He faces up to 50 years in prison for ‘guessing’ Palin’s password.
Before I rant, let me be clear: Hacking bad. Don’t hack. It’s wrong to read other people’s mail, whether you take it from their mailbox on the front porch, or from a server online. Both are wrong, both are criminal, and if convicted, the guy needs to see some time in jail, but somewhere on the minimum end, not the max.
Now, on with my rant. Why do Yahoo and others require you to use secure passwords, a mixture of upper and lower case, numerals, and special characters, yet negate all of that by catering to idiots that can’t or won’t record their passwords either on paper, or in a secure file with a master password? In the Palin case, the guy reportedly ‘hacked’ her password by finding out where she went to high school. And then, pretending to be Palin, he used Yahoo’s ‘convenient’ feature to recover/change the password. So much for hard-to-guess passwords if all you need to do is 10 minutes of research on Google.
Sure, that’s a convenient feature. I suppose for people that always lose their house keys, it would be convenient to weld the key into the lock so it will always be there. Convenient for robbers as well.
I’m not proposing that Yahoo and others do away with their procedures, but they could and should add a level of difficulty to password recovery, such as a 24-hour waiting period between asking for and receiving a new password. And within that time, alerts are sent informing the owner that a new password is in process — Is that okay?
They could also add a check box that says, “Don’t EVER send me a new password. I’m a grownup and I’ll take care of myself, thanks.”
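The waiting period, owner alert and opt-out check box described above, as an added example that is not code from Yahoo or any other provider. The names (`Account`, `request_reset`, `cancel_reset`, `complete_reset`) and the in-memory alert list standing in for real e-mail or SMS delivery are assumptions.

```python
from datetime import timedelta

RESET_DELAY = timedelta(hours=24)  # waiting period between asking and receiving


class Account:
    def __init__(self, owner_contact, allow_recovery=True):
        self.owner_contact = owner_contact    # where "is that okay?" alerts go
        self.allow_recovery = allow_recovery  # False = "Don't EVER send me a new password"
        self.pending_since = None             # time the open reset request was made
        self.alerts = []                      # stand-in for real alert delivery


def request_reset(account, now):
    """Open a reset request. Nothing changes yet; the owner is alerted."""
    if not account.allow_recovery:
        return "refused"                      # owner opted out of recovery entirely
    if account.pending_since is None:         # repeat requests never shorten the wait
        account.pending_since = now
    account.alerts.append(
        (now, account.owner_contact, "A new password was requested. Is that okay?"))
    return "pending"


def cancel_reset(account):
    """The owner answered the alert with 'no': drop the pending request."""
    account.pending_since = None


def complete_reset(account, now):
    """Hand out a new password only after the full waiting period has passed."""
    if account.pending_since is None:
        return "no-request"
    if now - account.pending_since < RESET_DELAY:
        return "too-early"
    account.pending_since = None
    return "reset-issued"
```

Knowing the high school answer only opens a request here; the real owner has the full waiting period to see the alert and call `cancel_reset` before anything is issued.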
I’m not picking on Yahoo alone; most of the online email providers have the same or similar procedures. But Yahoo’s choice of business name reminds me of the origin of the word. Don’t know what that is? Here ya go.