Recently, the news reported that some Bush family members had their e-mail accounts hacked. There’s a lesson in this for all of us who use online e-mail services. What are the two ways hackers gained access to these accounts?
Password guessing: It’s sad but true that many people use easy-to-guess passwords based on common items. If an attacker knows something about the victim, the attacker may be able to guess the password. A report by CBS News listed some of the top passwords of 2012: qwerty, 123456, welcome, and letmein.
Password resets: Even if a hacker cannot guess your password, he/she may be able to reset it. Many e-mail services make use of cognitive password resets. This allows users to change their passwords if they cannot remember them by answering a few simple questions. These questions might include:
- Where were you born?
- What’s your pet’s name?
- When were you married?
- What high school did you attend?
The answers to these questions might also be guessed or discovered by simply knowing something about the person.
So, how can we prevent these problems? One technique is to simply use stronger passwords. Don’t use passwords based on common facts, and avoid using the same password for all your online accounts. Use passwords of nine or more characters that consist of mixed types of characters. One way to create longer, more secure passwords is to use passphrases, such as San_Fran_is#1_to_me. The combination of upper- and lowercase characters with numeric values makes it much harder for attackers to crack.
You might think that what you have in your e-mail or online account is not as valuable as what’s in an ex-president’s e-mail account, but the bottom line is that hackers are always looking for ways to exploit victims. One way to avoid being a target is by using strong passwords.
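The password advice above, written as a checker that could run at sign-up or password change. This is an added example, not part of the original post; the function name `check_password`, the three-character-type threshold, and the sample facts are assumptions made for illustration.

```python
import re

# Top passwords of 2012 named in the post (CBS News report).
COMMON_PASSWORDS = {"qwerty", "123456", "welcome", "letmein"}
MIN_LENGTH = 9        # the post recommends nine or more characters
MIN_CHAR_TYPES = 3    # assumption: "mixed types" read as at least three classes


def _normalize(text):
    """Lowercase and keep only letters and digits, so 'Rex!' matches 'rex'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(password, personal_facts=(), other_passwords=()):
    """Return a list of problems; an empty list means the post's advice is met.

    personal_facts: answers someone could look up (pet name, birthplace, ...),
                    the same facts that cognitive reset questions ask for.
    other_passwords: passwords already used on the person's other accounts.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than nine characters")

    char_types = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(char_types) < MIN_CHAR_TYPES:
        problems.append("fewer than three character types")

    core = _normalize(password)
    if password.lower() in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("on the common-password list")

    # A password built around a discoverable fact is guessable even if long.
    for fact in personal_facts:
        token = _normalize(fact)
        if len(token) >= 3 and token in core:
            problems.append(f"contains personal fact: {fact}")

    if password in other_passwords:
        problems.append("reused from another account")
    return problems
```

A password such as `Rex2012!!` passes the length and character-type rules but is still rejected when `Rex` is supplied as a known pet name, which is the case the length rule alone misses.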