Cybercriminals can hijack your online accounts to order items at your expense, gain access to your email, or use your good name to send spam, malware and scams to people you know. One way attackers can gain access is by taking advantage of lax security in your password reset and recovery options for the account.

Most online services offer some means of recovering forgotten passwords. This typically consists of answering a few questions, after which a new password is emailed to the account on record. While this method is convenient, it can leave you at greater risk unless you follow a few simple security precautions.

Make sure the email address specified for the account is a valid, monitored email address.
Make sure the answers to the password recovery / reset option are not easily guessable.
Skipping either of these steps makes it far easier for attackers to gain control of your account. For example, a "throwaway" email address could easily wind up registered to another user. This means that any attempts to recover or reset your password, will result in that password being sent to the wrong person. Make sure the email address you have specified for the account is active, in your name, and monitored regularly.

Most security related questions can be either easily guessed or discovered through a quick online search. For example, things like the name of the school you attended or the town you were born in may be part of your public social networking profile.

Your best bet is to pick a nonsensical answer to the question. Instead of entering you