[Dailydrool] Hacked account advice for passwords

Esther Strom esthermstrom at gmail.com
Wed Sep 7 10:15:56 PDT 2011


If you want to get really technical, a passphrase is much more secure than a
single password made up of random characters.

http://www.codinghorror.com/blog/2011/09/cutting-the-gordian-knot-of-web-identity.html
- the article is way more geeky than most of you will probably want to get
(I'm a programmer), but the cartoon at the very beginning is pretty clear.
Most hacked passwords are not guessed by a human, but by a computer which
can easily run through all kinds of random character iterations. It's much
harder for it to guess a random phrase made up of real words. So something
like "freaky hound harness leash" would be more difficult for a computer to
guess than something like a7^j2M, but much easier for you to remember.

Thank you, and this concludes our lesson on internet security.

-Esther, Basil, and Waldo ATB

On Wed, Sep 7, 2011 at 12:23 AM, R Groves <dd-post at thegroves.net> wrote:

>
> There comes a time everyone has gone through when it finally hits them that
> "junior" or "Junior" isn't safe as a password..
>
> While we can't be elephants, or concrete reinforced vaults 3 feet thick
> with passwords.. we can make passwords that make sense to us, but would foil
> your common "dictionary attack".
>
> There are a few common ways these people get your password.
>
>    - You use the password on multiple sites.. one of them gets hacked
>    - You use the password on unsecure connections - anyone doing POP and
>    SMTP email these days should *not* be doing so on any untrusted network.
>    And that Starbucks down the street, that McDonald's free wifi hotspot, those
>    are **not** to be trusted.
>    - You use a more simplistic password ... proper names, regardless of
>    how common or uncommon.  Names of places, streets, your name, etc.. not good
>    for passwords.
>    - You accidentally run an app / virus / worm that knows your email
>    type.. like AOL, Hotmail, Gmail ... etc.. and runs scripts to spam others
>    when you log into your account
>
>
> So how do you do it?  How do you create something that's difficult to guess
> .. patterns, clusters, systematic combinations.
>
>    - your Zip Code+the name of a hound.
>    - One of your hounds' names backwards, followed by age, followed by the
>    name of another of your hounds (forward this time) past or present names!
>    - those of you with 5 hounds or more.. the first initial of each hound,
>    followed by one of their ages in number and then spelled out
>    FRH10ten  (Franklin Riley Henry - two of them are 10) or even
>    FRH2r10ten  (2 aRe 10)
>    - your age, hound name, spouse's age, and sex of hound
>
> There are LOTS of different schemes you can use to create secure
> passwords.  Doing so takes the guess work out of it.. the rest is keeping
> your machine clear of "loggers" which track keystrokes, not using open
> wireless, not opening your laptop's email program if you aren't using SSL
> encryption for the connection *to* your email servers.
>
> I'm more than happy to discuss any of this with anyone on the Drool that
> would like more insight.
>
> -Robert
>
>
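Added example (not part of the original emails): a Python sketch of the comparison made above between a 6-character random password such as a7^j2M and a four-word passphrase. It measures each scheme's guessing space in bits and shows that the passphrase only wins when the words are drawn at random from a large list. The 94-character alphabet, the 2048-word list size and the tiny sample list are assumptions made for illustration.

```python
import math
import secrets

PRINTABLE = 94  # assumption: printable ASCII characters, excluding space

# Constructed sample list; a real list should hold thousands of words.
SAMPLE_WORDS = ["freaky", "hound", "harness", "leash", "biscuit", "porch",
                "gravel", "lantern", "muddy", "velvet", "orchard", "kettle",
                "thunder", "pickle", "saddle", "window"]

def random_string_bits(length, alphabet_size=PRINTABLE):
    """Entropy in bits of a string of uniformly random characters."""
    return length * math.log2(alphabet_size)

def passphrase_bits(num_words, wordlist_size):
    """Entropy in bits when every word is drawn uniformly at random.

    A phrase the user makes up (pet names, a quotation) is far more
    predictable than this figure suggests.
    """
    return num_words * math.log2(wordlist_size)

def words_needed(target_bits, wordlist_size):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def generate_passphrase(wordlist, num_words=4):
    """Pick words with the OS cryptographic RNG, not random.choice()."""
    unique = sorted(set(wordlist))
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    return " ".join(secrets.choice(unique) for _ in range(num_words))

if __name__ == "__main__":
    six_chars = random_string_bits(6)
    print(f"6 random characters      : {six_chars:.1f} bits")
    print(f"4 words from 2048        : {passphrase_bits(4, 2048):.1f} bits")
    print(f"4 words from {len(SAMPLE_WORDS)} (sample)  : "
          f"{passphrase_bits(4, len(SAMPLE_WORDS)):.1f} bits")
    print(f"words from the sample list needed to match 6 characters: "
          f"{words_needed(six_chars, len(SAMPLE_WORDS))}")
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS))
```

With a 16-word list, four words give only 16 bits, so the size of the list and the randomness of the choice matter as much as the length of the phrase.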