FSAfety News

October 2008

FSAfety News is an informational bulletin from the U.S. Department of Education's Federal Student Aid office. FSAfety News will bring you important information concerning IT security and privacy issues. This issue focuses on safeguarding personal details that can be used to recover your passwords to important online sites, such as your email account.

Recently, someone broke into GOP VP Candidate Sarah Palin's webmail account. It was a simple hack — one that required little to no technical expertise. The "hacker" used Yahoo!'s password recovery feature, and then proceeded to fill in the answers using Wikipedia and Google.

The lesson is this: All a malicious person needs is to access a Wikipedia page — or a Facebook, MySpace, or similar social networking page — and you, too, could have your emails spread all across the Internet — or have your identity stolen, if it's a bank or credit card company account instead of an email account. Posting common information about yourself and then using pieces of that same information when logging into your online account is asking for trouble.

If your online account allows you to create your own "Golden Questions," choose something that you haven't posted on line elsewhere. If your online account uses only canned questions, make sure to remove the answers to those questions from your Facebook or MySpace pages. Don't give out your first pet's name or your first street address (to name two common "Golden Questions").

And if you need to put those pieces of information on your MySpace page, please don't choose the same information to log into your account. If you have already posted this kind of information online, try disguising the response by changing the answers (since you can't change the "golden questions"). You can, for instance, use something different from the real thing, such as changing your first pet's name from "Fluffy" to "Fluppy" — it's a change only you would know, but is not that far from the real answer. The question prompt from the password-recovery utility will trigger you to remember the changed answer, thus keeping your account, and your identity, safer.