Passwords can sometimes be guessed by humans with knowledge of the user’s personal information. Examples of guessable passwords include:
* blank (none)
* the words “password”, “passcode”, “admin” and their derivatives
* a row of letters from the QWERTY keyboard (qwerty itself, asdf, or qwertyuiop)
* the user’s name or login name
* the name of a significant other, a friend, relative or pet
* their birthplace or date of birth, or a friend’s, or a relative’s
* their automobile license plate number, or a friend’s, or a relative’s
* their office number, residence number or, most commonly, their mobile number
* the name of a celebrity they like
* a simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing the order of the letters
* a swear word
Personal data about individuals are now available from various sources, many of them online, and can often be obtained by someone using social engineering techniques, such as posing as an opinion surveyor or a security control checker. Attackers who know the user may have information as well. For example, if a user chooses the password “YaleLaw78” because he graduated from Yale Law School in 1978, a disgruntled business partner might be able to guess the password.
For example, in September 2008, the Yahoo e-mail account of Sarah Palin, Governor of Alaska and nominee for Vice President of the United States, was accessed without authorization by someone who was able to research the answers to two of her security questions, her zip code and date of birth, and was able to guess the third, where she met her husband.
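A check that a password-change form could run against the list of guessable passwords above, as an added example that is not part of the original page. It flags the common words, keyboard rows and the user's own profile data, including the digit-suffix and reversal modifications; the profile field names are hypothetical.

```python
import re

COMMON = ("password", "passcode", "admin")          # words named in the list above
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")   # QWERTY letter rows

def _norm(s):
    """Lowercase and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def _variants(password):
    """The password with its simple modifications undone: suffix digits stripped, reversed."""
    base = _norm(password)
    core = base.rstrip("0123456789")
    return {v for v in (base, core, base[::-1], core[::-1]) if v}

def guessable_reasons(password, personal):
    """Return the reasons a candidate password is guessable (empty list = none found).

    `personal` maps a label (hypothetical field names) to a value from the
    user's profile: names, birthplace, dates, plate or phone numbers.
    """
    if not password:
        return ["blank"]
    reasons = []
    variants = _variants(password)
    if any(word in v for v in variants for word in COMMON):
        reasons.append("common word")
    if any(len(v) >= 4 and v in row for v in variants for row in KEY_ROWS):
        reasons.append("keyboard row")
    for label, value in personal.items():
        # Split profile values into tokens so "Yale Law" also matches "YaleLaw".
        tokens = [_norm(value)] + [_norm(t) for t in re.split(r"\W+", value)]
        if any(len(t) >= 3 and t in v for t in tokens for v in variants):
            reasons.append(f"personal: {label}")
    return reasons

if __name__ == "__main__":
    # Constructed profile, modelled on the YaleLaw78 example in the text.
    profile = {"login": "jsmith", "school": "Yale Law"}
    for candidate in ("", "Admin1", "qwerty", "YaleLaw78", "htimsj1"):
        print(repr(candidate), guessable_reasons(candidate, profile))
```

An empty result only means none of these patterns matched; it does not mean the password is strong.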
How to use Forgot Password Recovery
Using Password Recovery forms is easy. You just click the “Forgot Password” link and are taken to a series of personal questions such as:
* Date of Birth
* Answer Security Question
* PIN Code
Now, all the above details are easy to obtain. The only difficult part is guessing the security question’s answer.