*reads article*
after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)
the second was somewhat harder, the question was “where did you meet your spouse?” did some research, and apparently she had eloped with mister palin after college, if youll look on some of the screenshits that I took and other fellow anon have so graciously put on photobucket you will see the google search for “palin eloped” or some such in one of the tabs.
I found out later though more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower…
Password recovery exploited. Not much of a "hack". Yawn.
Yep, come to think about it, it wasn’t that hard at all, considering how much of Governor Palin’s personal info the MSM has thrown out over the past two weeks.
Why do so many password-recovery doodads require people to use stupid questions? There are many things that I will remember for a lifetime, but few people are apt to know but me; indeed, some things nobody will know but me.
For example, 'What was the name of the singer you saw at Ontario Place during childhood'. I saw exactly one concert there, and I remember some of the songs from the concert as well as the identity of the lead singer. I suppose a stranger who was really desperate might conceivably be able to figure out when my parents and I were in Canada, and then cross-check that with a schedule of Ontario Place concerts, but I doubt that would be a realistic attack. Of course, my parents and siblings might remember some of that information, and perhaps even the concert itself, but strangers wouldn't have a chance.
BTW, one of my pet peeves is web sites that have various requirements for passwords but don't state those requirements at the login page. I can't see that putting such information on the login screen would compromise the security of any site that allows free public accounts.