[Dailydrool] Hacked account advice for passwords

R Groves dd-post at thegroves.net
Tue Sep 6 22:23:08 PDT 2011 

There comes a time everyone has gone through when it finally hits them that "junior" or "Junior" isn't safe as a password.. 

While we can't be elephants, or concrete reinforced vaults 3 feet thick with passwords.. we can make passwords that make sense to us, but would foil your common "dictionary attack".

There are a few common ways these people get your password.
  a.. You use the password on multiple sites.. one of them gets hacked
  b.. You use the password on unsecure connections - anyone doing POP and SMTP email these days should *not* be doing so on any un-trusted network.  And that starbucks down the street, that mcdonalds free wifi hotspot, those are **not** to be trusted.
  c.. You use a more simplistic password ... proper names, regardless of how common or uncommon.  Names of places, streets, your name, etc.. not good for passwords.
  d.. You accidentally run an app / virus / worm that knows your email type.. like AOL, Hotmail, Gmail ... etc.. and runs scripts to spam others when you log into your account

So how do you do it?  How do you create something that's difficult to guess .. patterns, clusters, systematic combinations.
  a.. your Zip Code+the name of a hound.
  b.. One of your hounds names backwards, followed by age, followed by the name of another of your hounds (forward this time) past or present names!
  c.. those of you with 5 hounds or more.. the first initial of each hound, followed by one of their ages in number and then spelled out 
  FRH10ten  (Franklin Riley Henry - two of them are 10) or even FRH2r10ten  (2 aRe 10)
  d.. your age, hound name, spouse's age, and sex of hound
There are LOTS of different schemes you can use to create secure passwords.  Doing so takes the guess work out of it.. the rest is keeping your machine clear of "loggers" which track keystrokes, not using open wireless, not opening your laptops' email program if you aren't using SSL encryption for the connection *to* your email servers.

I'm more than happy to discuss any of this with anyone on the Drool that would like more insight.

-Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dailydrool.org/pipermail/dailydrool-dailydrool.org/attachments/20110907/43372628/attachment.htm>

More information about the Dailydrool mailing list