I'm cross posting this here from another forum I posted this at because I figured somebody over here probably is in the same situation....
<< I was traveling this weekend and keep all my passwords on a memory stick using keepass which I quickly realized I had forgotten at home... So I was wanting to play some online poker and decided to see if I could get into my accounts through the password recovery on gmail and was surprised to see that all it took was my father's middle name (I guess I choose this security question years back when I set up the account)
After answer this security question I was back playing poker in like 5 minutes... I was also able to find the information about my weak security question in about five minutes using one of the free public people search tools online which had my father's full name (including middle name) listed as a relative next a search of my name in less then two minutes...Clearly, for someone who took the time to set up 20+ character randomly generated passwords for all their accounts, I was pretty pissed to see how weak gmail's security verification process for password recovery was... My security question is now another randomly generated password but I thought I would pass this along as I'm sure I'm not the only one with thousands of dollars sitting behind weak security that could be broken by someone who knew my email address, my name (which is displayed everytime I send an email) and could do basic searches on the internet...>>
<< I was traveling this weekend and keep all my passwords on a memory stick using keepass which I quickly realized I had forgotten at home... So I was wanting to play some online poker and decided to see if I could get into my accounts through the password recovery on gmail and was surprised to see that all it took was my father's middle name (I guess I choose this security question years back when I set up the account)
After answer this security question I was back playing poker in like 5 minutes... I was also able to find the information about my weak security question in about five minutes using one of the free public people search tools online which had my father's full name (including middle name) listed as a relative next a search of my name in less then two minutes...Clearly, for someone who took the time to set up 20+ character randomly generated passwords for all their accounts, I was pretty pissed to see how weak gmail's security verification process for password recovery was... My security question is now another randomly generated password but I thought I would pass this along as I'm sure I'm not the only one with thousands of dollars sitting behind weak security that could be broken by someone who knew my email address, my name (which is displayed everytime I send an email) and could do basic searches on the internet...>>
