Should I change the security information on all my emails after my Hotmail was hacked?

Question:

Hi. In the number 344 AskLeo! (I assume you mean my newsletter), you gave
info to this effect regarding viruses in Hotmail: try to regain access to your
account and change all or as much personal and hinting information as
possible.

My question is would it be OK to perform this procedure on other accounts
also? Or wait until you detect a problem?

In this excerpt from Answercast #15, I talk about the necessity of keeping your
recovery information up-to-date on any email account and what to reset in the
event of an attack.

Change security information

There’s nothing wrong with doing that.

In fact, I encourage people to review their alternate and account recovery
information periodically to make sure that they remember it or that it’s still
working.

“How do I recover…?”

One of the very common questions I get is from people who are in a recovery
situation and suddenly realize that the information they provided when they
created the account (like the phone number or the alternate email address) is
no longer valid and can no longer be used.

  • That can often lead to losing the account permanently.

So it’s a good idea to review it. It certainly doesn’t harm anything to
change the information periodically.

Might be overkill

My take on it is that it doesn’t really help anything to change the
information.

If you’ve got good and current recovery information:

  • An email address (an alternate email address that works)
  • A phone number (that is valid and in your control)
  • Password hints (that you remember)
  • Secret questions (that have answers that you remember, that are not easy for
    other people to guess)

… if you’ve got all that in place, I don’t really see a reason to change
it.

If you’ve been hacked

The reason I suggest that you change it, once your account has been hacked,
is that while the attacker has access to your account, they could be setting all
those things to something else.

If the information is visible, they could also be reading what you set those
things to. With that information in hand, they could hack your account again
after you’ve recovered it.

The only way to protect yourself after being hacked in a scenario like
that is to change not only your password, but every bit of information that
could be used to recover your password.
