The Hacked Effect

Passwords

The password is the key that unlocks your email address. Unfortunately, many users try to keep it as simple as possible so it’s easier for them to remember. However, this also makes it very easy for a hacker to guess or crack. A surprisingly large number of people just use their email address as their password, and other common choices include names and birthdays, which are also quite easy to crack.

As a general rule, your password should be at least 7 characters long. Inserting a few capital letters, numbers, or special characters such as @ and # in your password to make something like: pAss678wOrds will make it very difficult for a hacker to crack. And since online services tend to have a limit to the number of login attempts, it is likely that the hacker will not be able to guess successfully.

However, passwords with alpha-numeric and upper-case/lower-case combinations can be hard to remember; pAss678wOrds is quite forgettable!

So one way of creating good passwords is to combine a single baseword with a different combination of letters and numbers that corresponds to the site you’re making the password for. Your baseword would be constant throughout all your passwords (to make it easy to remember), but the end section would change with every site. For example, if I choose as my baseword joota1990 (joota means shoe in Urdu) and the site I’m making this password for is Facebook, my password would become: joota1990facebook.

So the password structure is this: <baseword> + <website’s name>

To further obscure my password, I could make my baseword joota@1990 so my password would become joota@1990facebook. If I want another password for Gmail, it can be joota@1990gmail or joota@1990googlemail. For additional obscurity, you can use alternative names of the site you’re making the password on; for example, using stock symbols — so a password for Google could be joota@1990goog, and one for Amazon could be joota@1990amzn.

Now, my password structure has become: <baseword> + <(symbols) / (punctuation)> + <(website’s name) / (other unique string that identifies the site for you)>

An added advantage to having a baseword in Roman Urdu is that it adds millions of other possible combinations the hacker must take into account. Moreover, Urdu being our first language, it might be easier to remember an Urdu baseword. You might even use any other language that you might know to make a good baseword. Or even combinations of different languages — go wild!

You only need to memorise the baseword, and even if you can’t, writing it down somewhere won’t hurt because no one would understand what joota@1990 means; no one would be able to use this because they don’t know where it applies and won’t know what the other section of the password is (even if they do realize it’s a part of a password).

Some good choices for a baseword are a combination of your name, an obscure word and your date of birth. Use your favorite Roman Urdu word and number; or even the initials of your mother’s complete maiden name along with her birthday.

Of course, the above tips are generalized, and I strongly recommend you use them only as guidelines in creating your own password structure. The trick is to create a string that looks complex to strangers, but is easy to remember for you. Try to think of a password structure for yourself – one that you think is unique to you.
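The rules above, written out as a check you can run on your own password structure (an added example, not part of the original post). The function names and the `site_tags` mapping are illustrative assumptions; the rules are the ones from this section: at least 7 characters, not your email address, not just a name or birthday, more than plain lowercase letters, and a different ending for every site.

```python
MIN_LENGTH = 7  # minimum length recommended in the text above


def build_password(baseword, site_tag):
    """The structure from the text: <baseword> + <site identifier>."""
    return baseword + site_tag


def check_password(password, email, personal=()):
    """Return the rules from the text that `password` breaks (empty = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 7 characters")
    # Using the email address (or the part before @) as the password.
    if lowered in (email.lower(), email.split("@")[0].lower()):
        problems.append("same as the email address")
    # A bare name or birthday with nothing else combined into it.
    if lowered in {p.lower() for p in personal}:
        problems.append("just a name or birthday")
    if password.isalpha() and password.islower():
        problems.append("only lowercase letters")
    return problems


def check_scheme(baseword, site_tags, email, personal=()):
    """Build one password per site, check each, and flag reuse across sites."""
    report, seen = {}, {}
    for site, tag in site_tags.items():
        password = build_password(baseword, tag)
        problems = check_password(password, email, personal)
        if password in seen:
            problems.append("same password as " + seen[password])
        seen.setdefault(password, site)
        report[site] = (password, problems)
    return report


if __name__ == "__main__":
    # Constructed sample input using the basewords from the text.
    tags = {"Facebook": "facebook", "Google": "goog", "Amazon": "amzn"}
    for site, (pw, problems) in check_scheme(
            "joota@1990", tags, "someone@example.com").items():
        print(site, pw, problems or "ok")
```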

You might then want to check the strength of your password at Microsoft’s Password Strength Checker to see how it might fare against a dictionary attack.

Backup

In preparing for the worst, data backup is the first thing you should think about. Email is an integral part of everything we do online, and losing so much information can be disastrous. So back up your emails (or at least the ones from your primary account), even if you don’t think you’ll ever need them!

If you’re running a POP email account with Outlook or Thunderbird, your mail is (most likely) already being downloaded on to your computer. Microsoft has a support article on how to back up email in Outlook, and here’s another article that walks you through the process.

For Mozilla Thunderbird, you can either do it manually, or use MozBackup to back things up.

If you’re using a web-based email service (such as Yahoo! Mail, Gmail, Windows Live Mail or Hotmail), things might not be so easy, because these services don’t offer a “download your email” option.

Gmail is the only provider that offers POP3 and IMAP access for free, and that makes things very easy. If you’re a Gmail user, Lifehacker has a post that rounds up how to back up Google Apps data, including your emails from Gmail — methods include using Thunderbird (and POP3) or fetchmail.

Yahoo! Mail users were out of luck until a few weeks ago, when the Yahoo! Zimbra Desktop (YZD) application was launched. With YZD, Yahoo! Mail (free) users are able for the first time to use an IMAP-like service for offline access to their email. If you have a Mail Plus account ($20/yr) however, you have access to IMAP and mail forwarding as well; you can use Thunderbird to back up email, or forward your mail to another address.

Windows Live Mail (and Hotmail) also does not provide POP3 or IMAP access to free users, but it does give an option of forwarding email to another address, which can be used to set up a backup archival system. Here’s an article that will walk you through how to automatically forward mail from a Windows Live account. With this setup, you can forward your mail to a Gmail account (1 copy), and to download it to your computer, use the methods to back up mail from Gmail (see above).

Alternatively, you can use a program like MailStore to back up your email from multiple POP/IMAP accounts. MailStore can also back up to external media, such as a thumbdrive or DVDs.
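For accounts with IMAP access, the same kind of backup can be scripted with Python's standard library; this is an added example, not taken from the original post or from any of the tools named above. The function names, the choice of an mbox file as the archive, and skipping duplicates by Message-ID are assumptions of this sketch; the IMAP host and login are whatever your provider gives you.

```python
import imaplib
import mailbox


def fetch_all(host, user, password, folder="INBOX"):
    """Yield every message in an IMAP folder as raw bytes, over TLS."""
    with imaplib.IMAP4_SSL(host) as conn:
        conn.login(user, password)
        # readonly=True: the backup never marks mail as read or deletes it.
        conn.select(folder, readonly=True)
        _, data = conn.search(None, "ALL")
        for num in data[0].split():
            _, parts = conn.fetch(num, "(RFC822)")
            yield parts[0][1]


def append_new(mbox_path, raw_messages):
    """Append messages to a local mbox file, skipping ones already stored.

    Messages are matched by their Message-ID header, so the backup can be
    re-run regularly without creating duplicates. Returns the number added.
    """
    box = mailbox.mbox(mbox_path)  # created if it does not exist yet
    box.lock()
    try:
        seen = {msg["Message-ID"] for msg in box if msg["Message-ID"]}
        added = 0
        for raw in raw_messages:
            msg = mailbox.mboxMessage(raw)
            message_id = msg["Message-ID"]
            if message_id and message_id in seen:
                continue
            box.add(msg)
            if message_id:
                seen.add(message_id)
            added += 1
        box.flush()
    finally:
        box.unlock()
        box.close()
    return added
```

A backup run is then `append_new("backup.mbox", fetch_all(host, user, password))`; the resulting mbox file can be opened in Thunderbird or copied to external media.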

Other Tips

  • Never give your password to anyone: this includes your best friend, the email service provider, and especially emails that claim to be from a banking service! No website will ever ask for your password apart from making you enter it into a form because there is simply no reason to. Even if an email that appears to be from your email service provider threatens you that your email address will be canceled if you don’t reply with your password, do not listen to it because it is most definitely a scam designed to scare you into giving up your identity without a fight. One such scam involved people receiving email from a Gmail address with the username of google-accounts (which a malicious person had registered) and telling them to reply with their username and password to “win” 2 extra gigabytes of storage for Gmail — a hacked email address is what they got instead. Never believe this sort of stuff!
  • Be careful of where you store your passwords: Do not write your passwords in a text file and put them on your desktop, because you never know who might see it. In fact, try to keep your passwords inside your head, because that’s the safest place they can be. If you really do have a problem with memory, use a password manager that can save and encrypt your passwords so they aren’t in plain view. You can try KeePass, which is a free program that can hide your passwords from prying eyes with strong encryption. There is also Passwords Plus by DataViz which is available for $30.
  • Clean up your act online: This is a whole other topic in itself, and I think it warrants a separate post, but for now think of all the things in your email address and social network profiles – go take a look right now, I’ll wait. Do you really feel safe with all this online? Will you be able to handle it if someone gets their hands on this information and misuses it? It’s almost a given that people you come into contact with, especially your employers, will search for traces of you online. Be careful with the kind of information you make available on the internet and always try to protect your personal information. Lifehacker has a great post on how to manage your online identity, and why it’s important, which is a good read if you want to manage your online reputation.
  • If you really must forward chain letters, use the “BCC” (Blind Carbon Copy) field instead of “To” so that your contacts’ email addresses are not exposed. Be careful with the “Reply-All” feature because you never know how many people might read what you send out.

2 Responses to The Hacked Effect

  1. i have a world NO1 hacker Name Usman Country Pakistan sialkot
