Itworld’s Markus Jakobsson highlights one of the hidden dangers of password recovery wizards: They can be easily phished or hacked!

When you have forgotten your password, some sites send you an email with a link for you to click. Phishers who have stolen access to your email account can do that, too. Other sites will ask you for your mother’s maiden name, the name of your best friend, what city you grew up in, or what brand your first car was. Did you know that phishers can answer those questions, too?

Like the city you grew up in, your mother’s maiden name can be derived from public records – from birth certificates and marriage certificates to be specific. Facebook might unwittingly tell the name of your best friend. And,until quite recently, Ford with its 25% market share had a pretty good chance of being the brand of your first car! (Itworld, Aug 12, 2008 “What is worse than reusing passwords?”)

A solution to this problem would be to give your answers in the form of another passwords. For instance if a website asks for your “Favorite Childhood Pet’s Name” instead of answering “Fido” you could put in a separate password “x39google!”

Note: x39google! is not a password I use, it’s just an example.