Come on, use tough passwords

Over the past week I have had three friends who have had their Email accounts hacked – two on Yahoo and one on Hotmail.

In all three cases there was no subject line, just a link pointing to a web site – most likely a page hosting either some scam or some malware.

If you see an Email with no subject line and just a link to a web site, don’t click on the link. That said, to those who use Yahoo, Gmail, Hotmail or any other free mail site – CHANGE YOUR PASSWORD TO SOMETHING HARD.

Your password should be lengthy, containing upper and lower case characters, numbers and special characters (think $, %, *, &, etc.). It should not contain any word found in any dictionary. For example, LikeMike ain’t good.

Some suggestions include swapping characters in words, such as “0” for “O”, “1” for “L”, “5” for “S”, etc. Others suggest taking (for example) the first or second letter of each word in a sentence and using that as the password. For example, for “What we got here is failure to communicate” use “Wwghiftc” (you can then do a letter-to-number substitution afterwards).

When you use a weak password, you not only have to clean up whatever was done with your account; everyone in your contacts may also receive spam, even after you change your password, because the attackers may keep your contacts’ addresses for future spamming.

You don’t need a different password for every web site if you have set a very difficult one, although financial, government, primary Email and some other specific sites should each have a unique password.
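As an added example (my own code, not from the post), here is a small password-policy checker that enforces the rules above; the 12-character minimum and the tiny word list are assumptions, and the dictionary check also looks through the 0/O-style substitutions the post mentions, which goes a little beyond the post.

```python
import re
import string

# Constructed stand-in for a real word list (assumption: a deployment
# would load a full dictionary file instead).
DICTIONARY = {"like", "mike", "password", "what", "failure", "communicate",
              "welcome", "summer", "love", "admin"}

# Character swaps of the kind the post suggests, reversed here so that a
# substituted dictionary word is still recognised as a dictionary word.
UNLEET = str.maketrans({"0": "o", "1": "l", "5": "s", "3": "e", "4": "a",
                        "@": "a", "$": "s", "7": "t"})

MIN_LENGTH = 12  # assumption: the post says "lengthy" without a number


def dictionary_words_in(candidate: str, min_len: int = 4) -> list:
    """Dictionary words of at least min_len letters found inside the
    candidate, checking both the raw text and its un-substituted form."""
    found = []
    lowered = candidate.lower()
    for form in (lowered, lowered.translate(UNLEET)):
        for word in DICTIONARY:
            if len(word) >= min_len and word in form and word not in found:
                found.append(word)
    return sorted(found)


def check_password(candidate: str) -> list:
    """Return the policy rules the candidate violates (empty list = OK)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", candidate):
        problems.append("no upper-case letter")
    if not re.search(r"[a-z]", candidate):
        problems.append("no lower-case letter")
    if not re.search(r"[0-9]", candidate):
        problems.append("no digit")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special character")
    words = dictionary_words_in(candidate)
    if words:
        problems.append("contains dictionary word(s): " + ", ".join(words))
    return problems


if __name__ == "__main__":
    for pw in ("LikeMike", "Passw0rd$2024", "Wwghiftc", "Wwgh1ftc$2024"):
        print(pw, "->", check_password(pw) or "accepted")
```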



About ebraiter
computer guy

3 Responses to Come on, use tough passwords

  1. I see this as a problem not with the users but with system(s) that allow weak passwords to be put in in the first place and no forced password change after X days. Do you want to use a weak password, or strong password? Most non-IT/tech people don’t care, and probably won’t.

    • ebraiter says:

      Users don’t care until their account is hacked. Some of them won’t know why.
      True. Mail systems, banks and others should force stronger passwords.
      For example, Hotmail could notify users with weak passwords that in 2 weeks’ time, users are required to use a stronger password. If they don’t change their password, after 2 weeks they will be forced to change. The system should verify that the new password is at least fairly strong.
      Place I worked at a little while ago didn’t force users to put in a password. Some were blank, others were weak. They were supposed to implement PCI DSS [not the greatest with the security breaches] but it requires stronger passwords. Sales went downhill. PCI DSS was never implemented.

  2. ebraiter says:

    One other thought. There are actually web sites that restrict what you can put in a password. For example, Staples Canada (Bureau en Gros) restricts you to 12 characters consisting of upper and lower case letters as well as numbers. No special characters. Don’t remember which but there was another site that allowed up to 8 characters (but I think they did accept special characters).
