Fri 19 Sep 2008
All of us have multiple accounts for various services on the web. Keeping track of the account IDs and passwords can be cumbersome, so many people use very simple, easy-to-remember words as their passwords.
However, poorly chosen passwords can be easily cracked using software tools that are widely available. These tools use lists of words (in English or any one of dozens of other languages), given names, and the names of characters in books, movies, television shows, and games. Most passwords consisting of plain, lower-case dictionary words or names can be identified in seconds.
Just this month there were over 40,000 searches for terms like "password hacker" or "stealing passwords." In other words, there are a lot of hackers out there, and they don't need to be very technically knowledgeable to get into your account.
This password sounds like "2 hot pizzas" but changes the spelling to be phonetic, uses $ instead of s and mixes numbers with upper and lower case characters. If a system allows it, include spaces in your passwords to make it even harder to guess.
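To see why a plain dictionary word falls in seconds while a longer password that mixes character types does not, here is an added Python example (not part of the original post). The sample word list, the assumed full list size and the guessing rate are assumptions chosen for illustration.

```python
import string

# Constructed sample entries; real word lists are far larger, so
# ASSUMED_LIST_SIZE stands in for their size in the estimate below.
SAMPLE_WORDS = {"password", "pizza", "dragon", "michael", "gandalf"}
ASSUMED_LIST_SIZE = 1_000_000      # assumption: words and names, many languages
ASSUMED_GUESSES_PER_SEC = 100_000  # assumption: a modest guessing rate

def alphabet_size(password):
    """Size of the character pool implied by the classes the password uses."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    if " " in password:
        size += 1
    return size

def guesses_needed(password, wordlist=SAMPLE_WORDS):
    """Worst-case guesses: the whole word list for a dictionary word or name
    (case-folded, so 'Pizza' counts as 'pizza'); otherwise an upper bound of
    every string of that length over the character pool."""
    if password.lower() in wordlist:
        return ASSUMED_LIST_SIZE
    return alphabet_size(password) ** len(password)

def audit(password, wordlist=SAMPLE_WORDS):
    """Return (weaknesses, worst-case seconds to guess at the assumed rate)."""
    weaknesses = []
    if password.lower() in wordlist:
        weaknesses.append("dictionary word or name")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        weaknesses.append("single letter case")
    if not any(c.isdigit() for c in password):
        weaknesses.append("no digits")
    if not any(c in string.punctuation or c == " " for c in password):
        weaknesses.append("no symbols or spaces")
    seconds = guesses_needed(password, wordlist) / ASSUMED_GUESSES_PER_SEC
    return weaknesses, seconds
```

The figure for a non-dictionary password is an upper bound: it assumes the only way to find it is to try every string of that length.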
A good password can go a long way, but unfortunately it is not the only security measure you have to worry about. Take the case of Republican vice presidential nominee Sarah Palin. Earlier this week, it was reported that her private Yahoo email account was hacked. How? The perpetrator went to Yahoo's "Forgot My Password" link and answered the security questions she had set up, like "Where did you meet your spouse?" The answers to Yahoo's questions were easily found online, so it was very simple to reset the password. The more personal information anyone can find about you online, the less secure your passwords are. Think about that the next time you post a Facebook or Twitter status update.
To protect yourself, use very difficult passwords (like the example shown above), change your passwords frequently, and do the best you can to keep private information about yourself private.
Side note: Yesterday, Tennessee State Rep. Mike Kernell confirmed that his son David, 20, is the subject of Internet and blog discussions related to Palin's hacked account.