CXO

Gmail password reset options a security hole

If your users user Gmail, you might want to give them a refresher on password safety. Tom Merritt shows you how attackers can steal a Gmail passwords using the service's several password reset options.

If your users use Gmail, you might want to give them a refresher on password safety. Like many sites, Google's Gmail service provides several ways to reset forgotten passwords. Users can do this in one of three ways:

  1. Email: Sends a note that includes a password-rest link to a secondary email address.
  2. SMS: Sends a text message that includes a password-reset link to a mobile phone number.
  3. Security Question: Allows you to reset your password online after answering a personal security question.

While convenient, these password-reset tools can be a security hole—as a Twitter employee recently discovered when her Gmail account was hacked and sensitive company documents were post around the Web. In this video, CNET Executive Editor Tom Merritt explains how the alleged attack took place. If you aren't able to watch the video, you can read a text version of Tom's examination of the Gmail password reset options on the CNET TV blog.

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

Editor's Picks

Free Newsletters, In your Inbox