
Programming Tutorials on different platforms

Any general and specialized interesting programming language training and exploration. Fun with knowledge.


Sunday, June 20, 2010

Police your Password Recovery Options

Cybercriminals can hijack your online accounts to order items at your expense, gain access to your email, or use your good name to send spam, malware and scams to people you know. One way attackers can gain access is by taking advantage of lax security in your password reset and recovery options for the account.
Most online services offer some means of recovering forgotten passwords. This typically consists of answering a few questions, after which a new password is emailed to the account on record. While this method is convenient, it can leave you at greater risk unless you follow a few simple security precautions.
1. Make sure the email address specified for the account is a valid, monitored email address.
2. Make sure the answers to the password recovery / reset option are not easily guessable.
Skipping either of these steps makes it far easier for attackers to gain control of your account. For example, a "throwaway" email address could easily wind up registered to another user. This means that any attempt to recover or reset your password will result in that password being sent to the wrong person. Make sure the email address you have specified for the account is active, in your name, and monitored regularly.
Most security-related questions can be either easily guessed or discovered through a quick online search. For example, things like the name of the school you attended or the town you were born in may be part of your public social networking profile.
Your best bet is to pick a nonsensical answer to the question. Instead of entering your favorite pet's name, input a completely bogus response that only you will know. Avoid easily guessed single-word responses like 123456, password, or other dictionary words, and avoid sequential number responses. Attackers can simply enter lists of commonly used words and number sequences until one gets accepted. Use a passphrase instead - a favorite quote or short phrase with all spaces removed.
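The checks described above can be automated before an answer is saved. The following is an added example, not code from the original post: the function names, the 12-character minimum, and the small list of common answers are assumptions chosen for illustration.

```python
import re

# Constructed sample of commonly tried answers (assumption); a real list would be far larger.
COMMON_ANSWERS = {"123456", "password", "qwerty", "letmein", "abc123", "111111"}


def _normalize(text):
    """Lowercase the text and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _is_sequential(digits):
    """True for runs such as 123456 or 987654 (every step is +1, or every step is -1)."""
    steps = {int(b) - int(a) for a, b in zip(digits, digits[1:])}
    return len(digits) >= 3 and steps in ({1}, {-1})


def audit_recovery_answer(answer, public_profile=(), min_length=12):
    """Return the reasons an answer is weak; an empty list means no check failed.

    public_profile holds strings anyone can find about the account owner,
    such as a school or birth town (hypothetical input for this example).
    """
    problems = []
    norm = _normalize(answer)
    if norm in COMMON_ANSWERS:
        problems.append("commonly used answer")
    if norm.isdigit() and (_is_sequential(norm) or len(set(norm)) == 1):
        problems.append("sequential or repeated digits")
    if len(norm) < min_length:
        problems.append("shorter than %d characters" % min_length)
    for item in public_profile:
        item_norm = _normalize(item)
        # Flag overlap in either direction: the answer contains the public
        # value, or the answer is itself a fragment of the public value.
        if len(item_norm) >= 3 and norm and (item_norm in norm or norm in item_norm):
            problems.append("matches public profile data: %s" % item)
    return problems


if __name__ == "__main__":
    profile = ["Springfield, IL", "Lincoln High School"]  # constructed sample data
    for candidate in ["123456", "Springfield", "purplegiraffesplaychessatnoon"]:
        print(candidate, "->", audit_recovery_answer(candidate, profile) or "no issues found")
```
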
Some online accounts will allow you to enter a mobile phone number. If a password reset or recovery is requested, you'll receive a text message alerting you. If available, this is one of the most secure methods you can use. However, phones can be lost or stolen, so remember to still have a valid email on file with the service and use hard-to-guess passphrases for the security questions.
