Security Flaw

Following the Hotmail security problem, another free e-mail provider has fallen victim to a security flaw. A list of obvious forgotten password challenges meant that anyone who knew the username of an individual and some elementary pieces of information about that person could access that account. The flaw was discovered by Stephen Finnegan, the editor of Web Ireland magazine. He notified Ireland.com immediately.

Though not as wide reaching as the Hotmail crack, this one led to accounts being compromised. The manner in which the accounts could be compromised was stunningly simple. In basic terms it was like the last twenty years of computer security tenets had been ignored.

Anyone signing up for an account was offered four options for a question and answer challenge if the password was forgotten. The options were year of birth, city where the account holder was born, mother's maiden name and pet's name. If the challenge was guessed then the password would be revealed. Clicking on the "Forgot Password" option on the webpage would have thrown up the question and answer challenge. As soon as ireland.com's web staff was informed, the link was changed to an e-mail link. The "Forgot Password" link has now been deleted.

While the city question, mother's maiden name or pet's name would require personal information, the year of birth did not. As part of the test, Stephen Finnegan was able to repeatedly guess the year of birth for an account. Once he arrived at the right year, the password was revealed. The problem with this is that there appeared to be no limitation on the number of guesses. It would have been an obvious security precaution to limit the number of guesses.

This kind of lax security is widespread on the internet and any e-mail that is transmitted unencrypted is potentially readable by a third party.
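As an added example (not code from Ireland.com or from the article), here is a Python sketch of the precaution the article calls for: a per-account limit on challenge guesses, with a one-time reset token issued instead of the password being revealed. The limit of 5, the 15-minute lockout, the class and function names and the sample account are all assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5             # assumed policy value, not from the article
LOCKOUT_SECONDS = 15 * 60    # assumed policy value, not from the article
SAMPLE_ANSWERS = {"alice": "1972"}   # constructed account: answer is a year of birth


class RecoveryChallenge:
    """Question-and-answer recovery check with a per-account guess limit."""

    def __init__(self, answers, clock=time.monotonic):
        self._answers = answers      # username -> stored challenge answer
        self._failures = {}          # username -> (failed count, time of last failure)
        self._clock = clock

    def _locked(self, user):
        count, last = self._failures.get(user, (0, 0.0))
        if count >= MAX_ATTEMPTS and self._clock() - last < LOCKOUT_SECONDS:
            return True
        if count >= MAX_ATTEMPTS:    # lockout expired: start counting again
            self._failures.pop(user, None)
        return False

    def attempt(self, user, guess):
        """Return ('locked' | 'denied' | 'ok', reset_token or None)."""
        if self._locked(user):
            return "locked", None
        # Unknown users are compared against a random dummy so both paths do the same work.
        expected = self._answers.get(user, secrets.token_hex(8))
        if hmac.compare_digest(guess.strip().lower().encode(), expected.lower().encode()):
            self._failures.pop(user, None)
            # Never reveal the password: issue a one-time token to deliver out of band.
            return "ok", secrets.token_urlsafe(32)
        count, _ = self._failures.get(user, (0, 0.0))
        self._failures[user] = (count + 1, self._clock())
        return "denied", None


def simulate_year_guessing(challenge, user, first_year, last_year):
    """Replay the repeated year-of-birth guessing from the article; report how it ends."""
    for n, year in enumerate(range(first_year, last_year + 1), start=1):
        status, _ = challenge.attempt(user, str(year))
        if status != "denied":
            return status, n
    return "exhausted", last_year - first_year + 1
```

With the limit in place, a walk through a century of candidate years stops at the sixth request, and even the correct answer is refused until the lockout expires.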