Hacked Password….Aaauuuggghhhh!

Thank you to us.123rf.com for this great image!

Just got a call from a friend who got attacked by SPAM and had bank and PayPal accounts hacked. The question I got was this, “Do I have to change my email address?”

My answer was, “No, Get a better password!”

I also suggested that AOL might not be the best place to park her email. (They have a bad reputation for harboring SPAMmers, although they try to keep them away.)

I thought it was a good time to review password policy. Good News to some of you is this: Changing your password is NOT as important as having a good password. For some of you the question is, “What makes a good password?” Well, I am here to help!

CERN Computer Security says;

A good password is:

  • private: it is used and known by one person only;
  • secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the monitor;
  • easily remembered: so there is no need to write it down;
  • at least 8 characters long;
  • a mixture of at least 3 of the following: upper case letters, lower case letters, digits and symbols;
  • not listed in a dictionary of any major language;
  • not guessable by any program in a reasonable time, for instance less than one week.


And here are some DON”Ts from CMU/SCS Computing Facilities:

What not to do when choosing a password

  • Do not choose a password based upon personal data like your name, your username, or other information that one could easily discover about you from such sources as searching the internet.
  • Do not choose a password that is a word (English or otherwise), proper name, name of a TV show, keyboard sequence, or anything else that one would expect a clever person to put in a “dictionary” of passwords.
  • Do not choose a password that is a simple transformation of a word, such as putting a punctuation mark at the beginning or end of a word, converting the letter “l” to the digit “1”, writing a word backwards, etc. For example, “password,123” is not a good password, since adding “,123” is a common, simple transformation of a word.
  • Do not choose passwords less than 8 characters long or that are made up solely of numbers or letters. Use letters of different cases, mixtures of digits and letters, and/or non-alphanumeric characters.

Borrowed from www.madhusudhan.info

My last piece of advice for my friend was this: Find two or three passwords that are easy for YOU to remember (following the guidelines above) and use a different one for each of your bank accounts, Paypal and such. This way, one compromised password will not let them into every account.

Got Questions? I am here to help! Use the Contact page to shoot me an email.

Bookmark the permalink.

Comments are closed.