We are currently seeing a spate of email hacking going around. People hear from their contacts and friends that they are receiving spam email from them and get in touch with us, understandably concerned that their computers have been compromised. That’s not usually the case but those affected do have to fix the problem. Here’s how…
First, let’s look at what’s happening and to whom. Those affected have email accounts with the main free providers – Yahoo! (and therefore any BT and Sky email accounts too), Hotmail, maybe others.
Second, those affected tend to have weak passwords.
The hackers find an active account, go to the website and just throw a large number of passwords at it until they get in. If your password is weak, this won’t take long.
What’s a weak password?
Just using lower-case characters makes cracking a cinch. Adding upper-case letters hardly makes a difference. Start adding numbers and punctuation and you’re getting somewhere. But the most telling factor is length.
This was famously, if geekily, explained in an xkcd cartoon. Of course, now “correcthorsebatterystaple” has become a popular password. Don’t use it! But the key point is that length is telling.
Another problem is that you really need different passwords for different sites. Man!
How to create a good password
One popular method is this:
- Choose a phrase that’s easy for you to remember, the longer the better. Let’s say “To be or not to be, that is the question”.
- Now make an acronym of it, with a capital at the start of each phrase: TbontbTitq
- Now transform some of the letters to numbers and punctuation in a manner that makes sense to you. The letter ‘o’ may become a zero, the letter ‘i’ an exclamation mark, the letter ‘b’ an 8 maybe: T80nt8T!tq
- Now that’s only eight characters but here’s the best bit – how you make it different for each site. Take the first four characters of the website and add them on the front and the rest on the end: for Amazon, it would be amazT80nt8T!tqon; for Paypal, paypT80nt8T!tqal.
You can change the details of course but these are the sort of parameters that you can use to create your own, uncrackable passwords.
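The recipe above written out as a short Python sketch. This is an added example, not code from the original post; the function names and the rule of splitting phrases on punctuation are assumptions made for illustration.

```python
import re

# Substitutions taken from the article's example: o -> 0, i -> !, b -> 8.
SUBSTITUTIONS = {"o": "0", "i": "!", "b": "8"}


def acronym(phrase: str) -> str:
    """First letter of every word, capitalised at the start of each phrase."""
    letters = []
    # Assumption: a new phrase starts after a comma, full stop or similar mark.
    for clause in re.split(r"[,.;:!?]+", phrase):
        words = re.findall(r"[A-Za-z][A-Za-z']*", clause)
        for index, word in enumerate(words):
            letter = word[0].lower()
            letters.append(letter.upper() if index == 0 else letter)
    return "".join(letters)


def transform(core: str) -> str:
    """Swap the chosen letters for digits and punctuation."""
    return "".join(SUBSTITUTIONS.get(ch.lower(), ch) for ch in core)


def site_password(phrase: str, site: str, prefix_len: int = 4) -> str:
    """Wrap the transformed acronym in the site name: first four characters
    on the front, whatever is left of the name on the end."""
    name = site.strip().lower()
    if not name:
        raise ValueError("site name must not be empty")
    core = transform(acronym(phrase))
    return name[:prefix_len] + core + name[prefix_len:]


if __name__ == "__main__":
    phrase = "To be or not to be, that is the question"
    for site in ("Amazon", "Paypal"):
        print(site, "->", site_password(phrase, site))
```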
If you are hacked…
Go to the webmail site (hotmail.com, bt.yahoo.com etc) and change your password. If it’s not immediately clear where on the site to do that, just search for your email service and ‘change password’.
Even if you haven’t been hacked, it’s probably good to implement a safer password strategy now anyway… before you are!