Hi. In the number 344 AskLeo! (I assume you mean my newsletter), you gave
info to this effect regarding viruses in Hotmail: try to regain access to your
account and change all or as much personal and hinting information as
possible.
My question is would it be OK to perform this procedure on other accounts
also? Or wait until you detect a problem?
In this excerpt from
Answercast #15, I talk about the necessity of keeping your recovery
information up-to-date on any email account and what to reset in the event of
an attack.
Change security information
There’s nothing wrong with doing that.
In fact, I encourage people to review their alternate and account recovery
information periodically to make sure that they remember it or that it’s still
working.
“How do I recover…?”
One of the very common questions I get is from people who are in a recovery
situation and suddenly realize that the information they provided when they
created the account (like the phone number or the alternate email address)
is no longer valid and can no longer be used.
That can often lead to losing the account permanently.
So it’s a good idea to review it. It certainly doesn’t harm anything to
change the information periodically.
Might be overkill
My take on it is that it doesn’t really help anything to change the
information.
If you’ve got good and current recovery information:
- An email address (an alternate email address that works)
- A phone number (that is valid and in your control)
- Password hints (that you remember)
- Secret questions (that have answers that you remember, that are not easy for
other people to guess)
… if you’ve got all that in place, I don’t really see a reason to change
it.
If you’ve been hacked
The reason I suggest that you change it, once your account has been hacked,
is that while the attacker has access to your account, they could be setting all
those things to something else.
They could (if the information is visible) be reading what you set those
things to. With that information in hand, they could hack your account again
after you’ve recovered it.
The only way to protect yourself after being hacked in a scenario like
that is to change not only your password, but every bit of information that
could be used to recover your password.