With all the hacking from lulz that was going on for the past 50 days, we learned a couple of good things… and we were reminded of the importance of MANY good passwords.
The internet has become a type of window where people can look in to keep track of their money with online banking, friends with social media portals, shopping through Amazon or eBay, and even communication over e-mail or Skype. The average internet user has to keep up with 25 different passwords, but people like me have to keep up with 40 or more different pass codes.
Many people use just a single password across the internet. That’s a bad idea, and anybody can tell you that. Even LulzSec, the hacker group who hacked the CIA, US Senate, SONY and countless other sites, said “It’s not our fault you retards use the same password.” If you use the same password for PayPal as for your Neopets account, you are bound to get hacked.
The main problem is not “remembering the password” but rather “remembering where you used it.” If you use the same password for all of your sites, only one of them has to get hacked and a hacker can then guess what other websites you have that use the same password. Remember the old saying… “a chain is only as strong as its weakest link?” The same goes with the internet. While Facebook or Google might be questionably safe from hackers, that Randomwebsite.com may not.
The easiest example that someone can give you is this: if you have 1 key for 100 different houses, cars, lockers, offices, etc., a thief just needs to get a copy of your key and that’s it. He just has to find your houses and offices to get the rest of the job done. A hacker is the same way. The only difference between online and real life is that online I can guess where your “homes” are. I can almost guarantee you have a Facebook, a Google/Yahoo account, or Twitter.
Hackers last year posted a list of the most popular passwords of Gawker Media users, including “password,” “123456,” “qwerty,” “letmein” and “baseball.” Other popular passwords are “god”, “sex”, “love” and “asdfjkl”. If you are currently using any of these passwords… may the force be with you.
Normally, when people get hacked, they instantly start to change passwords. After a couple of months go by, they go right back to the same old behavior of using the same password… it’s human nature. How many times have you gotten a ticket for speeding and you “behave” for a good 2 weeks, then go right back to speeding again? Or better yet, how many times have you “promised” to change your lifestyle as a New Year’s resolution?
One of the best ways to come up with a strong password is by coming up with a paragraph password. You take an entire paragraph and only use the first letter of each of the words. Here is an example: “Jack And Jill Went Up The Hill To Fetch A Pail Of Water” becomes “jajwuthtfapow”. Replace a couple of letters with numbers and you have “j4jwuthtf4p0w”, a password that is relatively strong. The longer it is, the safer it is. But regardless of how strong your password is, NEVER use the same one.
If you want to use a different password for each of your sites, you can use the same sentence, but then have a sort of algorithm that changes your password depending on what site you are on. Your algorithm can change website names into gibberish by using a couple of letters based on a number. Example: let’s say that your number is “3” and you are going to use it 3 times starting on the 2nd letter. That is, starting from the 2nd letter you count forward 3 letters, wrapping around to the start of the name when you run out, and take the letter you land on, three times. Facebook = “bkc”; in the same example Ebay = “Eya”, and so on. You can then add those three letters at the end of your already strong password, “j4jwuthtf4p0wbkc”, and now you have a unique password for each one of your sites.
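The scheme from the last two paragraphs, written out as an added example (not code from the original article). The function names and the two-letter substitution map are assumptions, and the wrap-around counting rule is the reading that reproduces the article's “bkc” and “Eya”.

```python
# Added example: the article's paragraph password plus per-site suffix.
# All names here are hypothetical; sample inputs are the article's own.

SENTENCE = "Jack And Jill Went Up The Hill To Fetch A Pail Of Water"
SWAPS = {"a": "4", "o": "0"}  # the two swaps visible in the article's example


def paragraph_password(sentence, swaps=SWAPS):
    """First letter of every word, lower-cased, then letter-to-digit swaps."""
    initials = "".join(word[0].lower() for word in sentence.split())
    return "".join(swaps.get(ch, ch) for ch in initials)


def site_suffix(site, number=3, start=2):
    """Begin on the start-th letter, step `number` letters forward (wrapping
    around the name) and keep the letter landed on; repeat `number` times."""
    pos = start - 1  # zero-based index of the starting letter
    picked = []
    for _ in range(number):
        pos = (pos + number) % len(site)
        picked.append(site[pos])
    return "".join(picked)


def site_password(sentence, site):
    """Base password followed by the site-specific suffix."""
    return paragraph_password(sentence) + site_suffix(site)


def shared_prefix_len(a, b):
    """Count the leading characters two derived passwords have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


if __name__ == "__main__":
    fb = site_password(SENTENCE, "Facebook")
    eb = site_password(SENTENCE, "Ebay")
    print(fb, eb, shared_prefix_len(fb, eb))
```

The last function shows what the per-site passwords share: the first 13 characters are identical on every site, and only the three-letter suffix, which is computed from the public site name, changes.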
At the very minimum, if you don’t want to have different passwords for every site, you should always use a different password for your e-mail account. Every site nowadays seems to have a “forgot my password” link, and they send your e-mail account a “reset password” link. Meaning, if your e-mail service is compromised, most of your other websites are compromised as well. At that point the hacker doesn’t need to figure out your “ultra secret password”; all he needs to do is click the “reset password” link.
We’ve written an article about how easy it is for people to hack into your e-mail services using simple research through social sites. Most e-mail services have a type of security question and answer to retrieve your forgotten password: “What’s your mother’s name?”, “Where were you born?”, “What’s your pet’s name?” Those Q&As can be easily answered by doing basic research on Facebook or other social sites. After those questions have been answered, the e-mail account is open for “business,” as they say. You can protect yourself by using the same method of paragraph passwords on your answers.
Another questionable alternative, if you are still having problems remembering all your passwords, is using a password manager like LastPass. It works by prompting the user to create a master password, and then it generates and stores random passwords for different sites. I, personally, wouldn’t put all my faith in such a program, even though LastPass Chief Executive Joe Siegrist says “hackers can’t access the passwords because all data is encrypted.” LulzSec showed us what encryption means when they hacked the CIA, US Senate, and other Government agencies around the world.
While most, if not ALL, passwords are “hack-able,” really what you are doing is protecting yourself a little longer than anyone else is, effectively making yourself a target that’s not worth the effort. It’s like the thief trying to break into your home. He wants to get in, get out, and disappear before he gets caught. If you have 4 bolts on your door and metal bars on your windows, a thief is going to move to the next target; it’s not a risk they are willing to take. If a hacker is trying to hack your Facebook, and he spends 4 days trying to use a brute-force program to crack the code, he’s going to move on to an easier target, someone who still uses “letmein” as their password.
Via: Yahoo News