Gmail password reset options a security hole

If your users user Gmail, you might want to give them a refresher on password safety. Tom Merritt shows you how attackers can steal a Gmail passwords using the service's several password reset options.

If your users use Gmail, you might want to give them a refresher on password safety. Like many sites, Google's Gmail service provides several ways to reset forgotten passwords. Users can do this in one of three ways:

  1. Email: Sends a note that includes a password-rest link to a secondary email address.
  2. SMS: Sends a text message that includes a password-reset link to a mobile phone number.
  3. Security Question: Allows you to reset your password online after answering a personal security question.

While convenient, these password-reset tools can be a security hole—as a Twitter employee recently discovered when her Gmail account was hacked and sensitive company documents were post around the Web. In this video, CNET Executive Editor Tom Merritt explains how the alleged attack took place. If you aren't able to watch the video, you can read a text version of Tom's examination of the Gmail password reset options on the CNET TV blog.