Last spring I was getting a flood of emails from hacked email accounts 🙁
Because we are regularly emailing close to 10,000 Instructors, my email address is in all those contact lists. When an account is compromised, the first thing the hackers do is send an email to everyone on your list. That email typically includes a nasty link that, when your mom/dad/babysitter or club department head clicks, could infect their computer with a virus or worse... like taking complete control of your computer.
It even happened to me - an old yahoo.com email I haven't used in years started sending out spam emails. Embarrassing to say the least.
I wrote two posts here & here about the importance of using a good/strong password to prevent this from happening to you. Here were my suggestions.
... take your existing password (if it has 8 or more letters) and add one capital letter and two special characters.
So “password” would be greatly improved by changing it to “@Password!”
Another option would be to combine three easy to remember words, separated by special characters. The three girls in my life are Amy, Abby and Carly so a reasonably secure password could be Amy&Abby&Carly. You can use your first name, your dog's name and your city or any other three words and special character combination.
One more suggestion — You may have heard you should have a different password for every website — unrealistic. But I personally use a few different passwords, depending on the type of website where I have a user name.
One simple password for sites that don't matter (no email or financial data). Here's where you can use “password”.
One password for important sites (no financial data).
A complex password for each website that has financial, medical or credit data. Create a prefix password and add the name of the institution at the end, like @Password!=visa or @Password!=bank or @Password!=401k.
To be clear, my example of @Password!=visa would in actuality be @Password!=FirstBankVisa, but please don't use "password"; instead use an easily remembered root word. "Password" is the number one, err, password, and it's the very first word the hackers try.
But how do you know what you've created is really a good/strong password? This online password strength checking tool can tell you the relative security of any password you dream up. I suggest testing a slightly different version of your password (change one digit), just in case this site is an elaborate scam to actually steal passwords. It did come to me from a trusted source... but you never know.
So "password" (without the quote marks) returns:
Which is pretty much like posting your password online, but @Password!
Is a big improvement, while @Password!=FirstBankVisa should be pretty secure.
So until we all have the new iPhone 5S with fingerprint recognition, please protect yourself and change your passwords.
I tested my usual password. It will take a PC 1000 years to crack my password. Ironically, the password tester on my financial services web site only thinks it is moderately safe.
One question, do you think now that I – and perhaps many others – tested their personal passwords on this site, we are at risk from people hacking this site?
That’s why I suggest changing a digit or two when you try it. Password strength ultimately comes down to the number of characters, more = better. So adding some additional letters/numbers/symbols to your normal (easy to guess/hack) password makes it exponentially stronger. Another idea would be to just add a smile at the end like this 🙂 or :o) or :#) Make sense ;}
So here is some more food for thought.
The calculator seems to take into account brute force permutations only. However, if you use more sophisticated methods where a human is involved the time to crack should be significantly reduced.
Let’s look at the password that got the highest markings – “@Password!=FirstBankVisa”.
Now let’s look at the password suggested. Assuming that the FirstBank is the name of the bank this may significantly widen the chances for a successful match along with the fact that the word “Password” is present as well. This knowledge is used when the person trying to guess passwords is using a dictionary attack.
So I would suggest you use a line of a song or movie and “salt” it with some modifications.
So if this was my Bank password I would try using something like “There’s @ lady who’s sure a11 that glitters is gold” which gives me a “987 sesvigintillion years” to crack and it is totally unrelated to the bank in question. Thus reducing the chances of a successful dictionary attack.
And yes, some places will accept spaces as part of the password. If they don’t accept spaces substitute the spaces with a non-alpha character of your choice.
While most people tend to think that an attack happens at the login screen, that is not usually how it happens. And that is because most places will lock your account out after a certain number of bad attempts to guess your password. And the better ones will email/text you a notification of such fact.
The best way is to obtain an encrypted username/password file and try to unlock as many username and password pairs as possible from that file and then go happy around the web looking for places to use this newly acquired knowledge.
And that brings me to another point – many places use an e-mail as the username and they do not encrypt that information. And to make matters worse they even tell you on their login screen to enter your email and password.
Think of your username and password as a combination that will allow you passage to a secured area. Both pieces of information should be protected and should be unique across sites.
Remember longer is better and NEVER use names of people close to you or dictionary words as your password. The best suggestion I ever heard was to create a “pass phrase” which is a line you know very well, maybe from a song. This is a bit like what alan suggested. I was just listening to Train, so I might make mine: 50w@yz2sayg00dbye which would take 846 billion years. Long enough in my opinion. 😉 Another fun one is to take a whole line from the song and type out its acronym. SWDIAAfgsF1@CMf0qs (She went down in an airplane…) 71 quadrillion years.
The biggest problem with passwords, though, is websites that have stupid restrictions in their password policies, so you are limited in the number of chars you can use (this is infuriating) or have to meet an arbitrary standard of so many of each type of character. If the minimum lengths were all increased and the only restriction was that it couldn’t be ‘weak’, this would be a happier world in which to live (in my opinion).