Dare Obasanjo on the hacking of Sarah Palin's Yahoo! account via the "forgot my password" feature.

The fundamental flaw of pretty much every password recovery feature I've found online is that what they consider "secret" information actually isn't thanks to social networking, blogs and even Wikipedia. Yahoo! Mail password recovery relies on asking you your date of birth, zip code and country of residence as a proof of identity. Considering that this is the kind of information that is on the average Facebook profile or MySpace page, it seems ludicrous that this is all that stops someone from stealing your identity online.

I've always wondered how this became accepted practice. For decades we've warned people not to use easily guessable passwords—dates of birth, names of children or pets—but somehow this is acceptable for password recovery?

The fundamental paradox of password recovery is that the recovery channel must be at least as secure as the original password, because ultimately that's what it is: an alternative to your password. And since you'll be using the recovery far less often than you might use the password, your chance of remembering any secret with even password-grade security when you finally get around to needing it has to be pretty slim.

(For the record, I always leave recovery questions blank, or if forced I come up with something random then immediately forget it.)

I wrote a guide to password recovery back in 2002 that might still be worth a read.