Tech Xpress

How Users Reveal Email Passwords Unknowingly ?

Long ago a buddy of mine came up to me and told how he received a mail that had the password of his email account!

Like a typical tech guy, I immediately replied his computer may have been infected with password stealing viruses, trojans or key loggers. But in fact, he had a pretty good anti-virus with the latest updates and no harmful programs were found in his computer.
So how did that email contain his password? Was the account hacked?

It became very clear after he said who had sent that mail! Apparently, the email was a spam mail sent from a third-party website (let's take xyz.com as an example), where he had registered as a user. The answer was right there!
While registering at xyz.com, he had used his Yahoo email id as his username at xyz.com and used the same Yahoo! Mail email account's password as the password for xyz.com.
So now, xyz.com had both his email Id and password. The user had disclosed his email id and password, although unintentionally.

What to do if I have committed this mistake?
Can this be considered a mistake in the first place? Oh yes! It should be when you have a lot at stake (personal mails, business plans..etc) in your email inbox. Moreover, there are thousands of new websites popping out each day only to disappear weeks later. Always better to be safe than sorry.
The very first thing one can do is to :
  • Change the email password immediately.
  • Always keep a separate username and password for registering at other sites.
  • Use the secret Question & Answer password recovery option for your email, in case someone changes your email password. Many still don't use it. This will only work if the person who logged into your account didn't change the secret answer.
Personally, I always keep a separate password just for registering at websites that I find interesting. Do you use your email password while creating accounts at other sites? Have you thought about this while registering at sites? Please let me know in the comments...

If you enjoyed reading this post, you are welcome to
Subscribe to Feeds
Or
Subscribe to the Tech Xpress email newsletter for free

More Reading:
Hoax email misleads top selling daily
Precautions to Protect your Online Bank Account from Phishers
Copy Contacts from Other email accounts to Yahoo
posted by Vijeesh Ravindran, Sunday, September 09, 2007


4 Comments:

I have a small doubt on that. The site generally which asks for username and password actually use the API of Yahoo or wheherever you are logging. If thats not the case you can shoot an email to your mail domain and ask them to see.
@Ashish - Thanks for dropping by..
APIs are out of question here. The site just asks for a username and a password.
They usually ask for a username that is an email address, in fact, any email address.
If you enter one of your valid email address as the username, make sure you don't enter the password of that email address. Enter any other password. This way, even if the site has your valid email address, the password will be different.
Comment by Anonymous Anonymous on February 1, 2010 at 1:41 AM  
Amiable post and this fill someone in on helped me alot in my college assignement. Thank you as your information.
Comment by Anonymous Anonymous on February 6, 2010 at 4:29 PM  
Brim over I to but I think the brief should acquire more info then it has.