Hackers cracking old ways of protecting passwords, email

FOSTER CITY, Calif. (KGO) -- Next time you set up an account online, you might not have to answer any security questions.

As hackers get more advanced, we need to stay a step ahead. They are now cracking the old ways of protecting your passwords and emails.

Jila Afjei is typical of many of us in the 21st century. She does all her banking online and, as a realtor, relies heavily on email to conduct business, so word that someone had hacked into her Gmail stunned her.

"I really don't know how the back end works and how these hackers work, but it's very scary," Afjei said.

Experts say hackers gain access through weak passwords.

Afjei kept getting messages from Google that her password had been changed. "It says, 'Your password was changed 19 hours ago,'" she said. "I didn't change my password."

Experts say you need a complex password.

"And if it's something that's so hard you need to write it down, you're probably going in the right direction," Google's Mark Risher said.

The hackers took control of Afjei's email and sent a malicious attachment to all her contacts.

Google disabled her account and stopped the spread of a potential virus.

Risher says it uses a form of artificial intelligence to identify suspicious behavior and stop it.

"If somebody tries to access an account in a way that's not the norm, that's not the usual access patterns, that puts us on higher alert," Risher said.

Afjei tried to access her Gmail again through her security questions but could not. That's because hackers changed her questions, too.

"I just hit the wall, like there was no fixing," she said.

Risher oversees the prevention of spam and abuse at Google. He says the company is phasing out the use of security questions.

"There's been problems where the security question was something that may be researched online or even guessed so right now we favor a much more dynamic approach," Risher said.

The new approach is for you to give your email provider an alternate way of contacting you. That can be a phone number or a secondary email.

Google sent Afjei a link to recover her account to that secondary email, but she said she never received it.

"I feel like a prisoner, like trapped," she said.

Frustrated, Afjei contacted 7 On Your Side. "Luckily, thank you very much, I immediately got some response," she said.

Google won't discuss her case, but Afjei said her account is finally restored.

"Your people contacted Google and got me some support," Afjei said.

Here are links to security information for Gmail, Yahoo and Hotmail.