Protect your Web-based e-mail

Published: Tuesday, Sept. 30, 2008 12:56 a.m. MDT
The tens of millions of people who use Web-based e-mail clients probably sweated some bullets when Alaska Gov. Sarah Palin's Yahoo e-mail account was compromised and its contents leaked onto the Web.

If they didn't, they should have.

That's because Palin's account wasn't so much "hacked" (hacking generally takes some computing skill) as it had its screen door jimmied open: the security in place on Web-based e-mail is woefully low.

In the Palin case, all the "hacker" did was use Yahoo's helpful "Password Recovery" feature that is used when people forget their password. That process required the hacker to enter Palin's login name (which was generally known from earlier stories critical of her use of Yahoo e-mail), date of birth and home ZIP code. The last thing that kept her account locked was the answer to the question, "Where did you meet your spouse?"

The kid who boasted of the hack on a Web forum, and is now presumably seeing the business end of Secret Service German shepherds, said the whole process took 10 minutes, since Palin had discussed meeting her husband, Todd, in high school. He typed in "Wasilla High," and he was in.

The final question in most of these sites, including Yahoo, is user-selectable. I always encourage my readers to pick the same question every time on these sites and make the answer something nonsense and something only they would know. So if the question is "What is the name of your first pet" and you always answer "Sophia Loren" (assuming you have never had a pet named after the Italian bombshell) you're likely safer than if you answer "Spot" or "Rover." And never, ever, use your mother's maiden name.

I also use a random ZIP code when I sign up for these sites. One, I don't want sites to target me by location and, two, it makes it that much harder for people to guess my passwords and whack around on my data. So consider the ZIP code question really a 5-digit PIN question. Don't give Yahoo your ZIP code. The only thing they are going to do with it is send you customized ads and weather, which you can change later anyway.
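An added example, not part of the original column: a short Python script that checks a set of recovery answers against facts anyone could look up, then suggests random replacements. The questions, facts and word list are constructed samples, and generating random answers (rather than one memorable nonsense answer) is this example's own choice.

```python
import secrets
import unicodedata

# Constructed sample data: facts about a hypothetical user that are findable
# in news stories or public profiles, and the answers that user registered.
PUBLIC_FACTS = {"Springfield High", "62704", "1970-01-15", "Rover"}
RECOVERY_ANSWERS = {
    "Where did you meet your spouse?": "springfield high ",
    "ZIP code": "62704",
    "What is the name of your first pet?": "Sophia Loren",
}
# Tiny constructed word list; a real one would hold thousands of words.
WORDS = ["amber", "cobalt", "fennel", "gravel", "lantern", "mosaic", "pewter", "thistle"]


def normalize(text):
    """Fold case, accents, punctuation and spacing the way a lenient reset form might."""
    folded = unicodedata.normalize("NFKD", text).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def audit(answers, public_facts):
    """Return the questions whose answer matches a publicly known fact."""
    known = {normalize(fact) for fact in public_facts}
    return [q for q, a in answers.items() if normalize(a) in known]


def random_pin(digits=5):
    """A ZIP-shaped value that is really a random PIN, as the column suggests."""
    return "".join(secrets.choice("0123456789") for _ in range(digits))


def random_answer(words=WORDS, count=4):
    """A nonsense answer built from random words; keep it in a password manager."""
    return " ".join(secrets.choice(words) for _ in range(count))


def replacements(answers, public_facts):
    """Suggest a random replacement for every answer the audit flags."""
    flagged = audit(answers, public_facts)
    return {q: random_pin() if "zip" in q.casefold() else random_answer() for q in flagged}


if __name__ == "__main__":
    for question, value in replacements(RECOVERY_ANSWERS, PUBLIC_FACTS).items():
        print(f"{question!r}: guessable from public facts, suggest {value!r}")
```

The made-up pet name passes the audit because it matches nothing public; the true school name and ZIP code are flagged.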

Lastly, you should be careful what data you save online. Don't save your "sent" mail unless you really need to and don't necessarily save every mail you've ever received. Nothing of political substance was found in Palin's mail — much to the chagrin of opponents and the media, who had claimed she used it for state business — but much can be learned from this.

Of all the free services out there, I like Google's the best because it lets users pick their own secret question. That seems like the most secure one of all, assuming you make up something really good and not "what color is my hair?" It also has a five-day waiting period for a password reset, which would have given Palin plenty of time to discover the hack and stop it, assuming she had time to check her accounts.

Either way, she's probably going to be too busy in the next few months to e-mail.


James Derk is owner of CyberDads, a computer repair firm, and tech columnist for Scripps Howard News Service. His e-mail address is jim@cyberdads.com.

Recent comments

Web-based programmes are in real problem. They should be made safer.

arjun dulal | Oct. 2, 2008 at 10:30 a.m.
