What do you do when you register in such networks as Facebook or Twitter.
You enter an e-mail.
Where do you have your “recover password” set for most of the accounts you use?
You enter an e-mail.
Where do you receive your payments and fiscal reports?
On your e-mail.
Alarmed?
You should at least be aware.
Having your e-mail compromised can lead to tons of problems.
Most of the social networks are providing too much information about yourself. Like your GF/BF/Pet name. Your interests. Your kids’ names. Your favourite books. How often do you contact a person (your best friend) and more.
It’s not that hard to guess your password from your interests and family. Believe me. It’s valid even for me. And from that point on, the bad person that wants your account information, can activate at all your sites of interest the “forgoten password” mechanism and change all your passwords to something else. Steal all your money. Know all your secrets. Download all your private data and use it as s/he sees fit. Just by guessing your e-mail password.
Lately one of my friends allowed his password to be guessed by a hotel picollo. He got all his credits in Texas Hold Them Poker game – lost. 80 millions. Don’t know how long it takes to collect that much… His pasword was his GF name.
The point is… Simply protect your weakest point the best way you can.
If you have ONE e-mail for all purposes, the password should be something really hard and strong. Something even your best friend can’t guess. And even if s/he can… not entirely guess it by the letter.
Suppose you are Clifford D. Simak fan to the grave and adore the “City” the way I did in my youth. Suppose you set your password to be “jenkins”? It’s actually too short. And you probably put your nick name in most of the games you play to be also “jenkins”. Not too short would be jenkinstherobot. But it will also be quite guessable. If not by an actual no-good-doer, it should be easily guessed by anyone that knows you, what you read, what you prefer and what inspires you.
If you are dedicated to your girfriend or your kids or your best friend, it’s still easy. They will first try first names, than senior names, than family names, than all 9 combinations of them with and without spaces. Than with and without capital letters. And believe me. That’s merely 81 combinations.
Today’s normal dictionary attack makes this for a fraction of the second. Your password is weak if it is pure text. And this is valid for ALL your accounts. Not just your master e-mail.
Period.
Good password would be anything that consist of capitol and normal letter and digit or digits. Examples:
- I_l()ve_Jan3
- J3nk!nsTh3R0b0t
- Az!m0vRulzz
- M0rdr3dAndM0rgana
- MyL!feF0rAiur
- \/f0rVend3tta
etc.
In all cases – don’t use weak passwords in an account that can compromise other accounts. It’s imperative. A friend of mine made another blog post in Bulgarian regarding the needed e-mail security. You may want to check his blog post if you are Bulgarian. The diagram in the post heading is quite true and easy to remember. I’ve taken some ideas from his post and the talks with him too. One of the ideas for good password is to make a word, that has nothing to do with ANY dictionary on the planet but is still very easy to remember. Imagine the sentence “I very much enjoy drinking beer while chewing sausage with my friends in the pub at eight”. Now concatenate all the words to 1 letter each. The password becomes:
- Ivmedbwcswmfitpa8
Guess that password with or without dictionary attack or with brute force and I will buy you a beer… and a sausage 😉