Hardly a week goes by without someone calling me, distressed that their email account is sending goofy spam messages to everyone in their address book. This week has been no exception.
“How could this have happened?” they wonder. Of the many ways accounts get hacked, only one is not directly linked to user behavior. That way involves passwords that have been stolen from companies that do not properly protect their customers’ private information.
The theft of mass quantities of passwords from commonly trusted giant corporations is quite common, but you’d never know it from the coverage given the subject by most media outlets. For example, did you know that earlier this month, Internet bad guys stole almost eight million passwords from social networking giants LinkedIn and eHarmony? Is your password one of those that’s been compromised? You might want to change it, just to be on the safe side.
Even so, bad user behavior (meaning, your behavior) is the main reason for hacked email accounts. Bad user behavior manifests itself in numerous ways, such as: responding to spam email and being tricked into giving up passwords; checking accounts on public computers (public libraries, etc.) and not logging out; checking accounts on public computers that have password-stealing viruses installed; checking accounts on bogus wireless networks; using the same password on all accounts (i.e., one hacked account means all accounts are hacked); and your own personal computer being infected with password-stealing viruses.
It is my experience, though, that the number one way any account, email included, is hacked is the use of weak passwords. If you’ve taken my Internet safety class, you’ve learned we should not be using pass “words” in the first place, as those are super-easy for the bad guys to hack. Instead, we should be using pass “codes” or pass “phrases.”
Pass “words” should never be actual words that can be found in any dictionary, in any language, on earth. Instead, they should be passcodes, such as ig2Tc@tL&b$!. Passcodes should look like total gibberish, but they don’t always have to be memorized. Once they have been plugged in to your email program or browser, those programs can take over the memorization chores. Be sure to write them down, though, and keep them in a secure location.
If you need to memorize your passcode, base it on a long phrase that you can remember, such as “It’s great to teach classes at the library and be safe!” Compare that phrase to the passcode listed above and you’ll see how easy passcodes can be to memorize. Use your imagination, substitute letters, numbers and symbols for words and you’ll be inventing memorable passcodes in no time.
If you are an AT&T customer, you are not allowed to use most special characters, such as !@#$%^&(*)+, in your passcode. This restriction is a serious violation of known best practices regarding passcodes. I have spoken to security higher-ups at AT&T about this issue; they would like to remedy the problem, but have been told by their bosses that it would cost too much money to do so. As such, they are unnecessarily putting their customers at risk. This is not the case for Cox Internet customers. Shame on you, AT&T.
Pass “phrases” are good to use, too, and are much easier to memorize. A passphrase is a series of words, with some punctuation and special characters thrown in for good measure. They need to be long, though, with 25 characters and up being a good starting number.
An example of a good passphrase is 83i love purple f!shing12. Spaces between the words count as characters, too, and can enhance the passphrase’s security and ease of memorization. Again, forget about using spaces between the words if you are an AT&T customer, as such security-enhancing tactics are not allowed by their shameful password restrictions. Don’t use obvious strings of words in your passphrases, like “Mary had a little lamb,” or, “my car is really fast.” Logical phrases like that are too easy to crack. Instead, use nonsensical word-strings like “every basketball should drink railroads.” Who couldn’t remember a passphrase like that?
An online passcode checker can also be helpful. At microsoft.com/security/pc-security/password-checker.aspx, Microsoft has one that works pretty well. Give it a try and you’ll soon get a feel for passcodes and phrases that are worth using.
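
The rules above can also be checked on your own computer, without typing a passcode into any website. The following Python script is an added example, not part of the original column and not Microsoft's checker; it tests candidates against the column's guidance (25 characters and up for passphrases, no plain dictionary words, some digits or symbols) and lists which characters a provider with the restriction described above would refuse. The function names, the tiny word list and the four-character-type test for passcodes are assumptions made for the example, and it cannot judge whether a phrase is too "obvious."

```python
import re

MIN_PASSPHRASE_LEN = 25            # the column's starting length for passphrases
RESTRICTED = set("!@#$%^&(*)+ ")   # characters (and spaces) the column says one provider rejects
# Constructed sample list; a real check would load a full dictionary file.
DICTIONARY = {"password", "purple", "fishing", "library", "basketball", "railroads"}


def check(secret):
    """Return (kind, problems) for a candidate secret, following the column's rules."""
    problems = []
    if " " in secret:
        kind = "passphrase"
        if len(secret) < MIN_PASSPHRASE_LEN:
            problems.append(f"only {len(secret)} characters, want {MIN_PASSPHRASE_LEN}+")
        if not re.search(r"[^A-Za-z ]", secret):
            problems.append("no digits, punctuation or special characters")
    else:
        kind = "passcode"
        if secret.lower() in DICTIONARY:
            problems.append("is a dictionary word")
        # Assumption: "total gibberish" is approximated by requiring all four types.
        for name, pattern in (("lowercase", r"[a-z]"), ("uppercase", r"[A-Z]"),
                              ("digit", r"\d"), ("symbol", r"[^A-Za-z\d]")):
            if not re.search(pattern, secret):
                problems.append(f"no {name} character")
    return kind, problems


def blocked_by_restricted_provider(secret):
    """List the characters in secret that the restricted provider would refuse."""
    return sorted(set(secret) & RESTRICTED)


if __name__ == "__main__":
    # Sample inputs are the column's own examples plus one plain word.
    for s in ("ig2Tc@tL&b$!", "83i love purple f!shing12",
              "Mary had a little lamb", "purple"):
        kind, problems = check(s)
        verdict = "OK" if not problems else "; ".join(problems)
        print(f"{s!r}: {kind}, {verdict}, "
              f"refused characters: {blocked_by_restricted_provider(s)}")
```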