
Protecting your email account from hackers

Perhaps the most frequent problem computer users experience is having their email accounts compromised because they are using easy-to-guess passwords.

Literally every week or two last year I received panicked phone calls from people asking “What can I do?” Add to this the dozens and dozens of emails I received saying “My email account was hacked. Don’t open any emails from me. They contain a virus. Sorry!” Every single one of these people had told themselves “It can’t happen to me.”

Criminal elements are using sophisticated software to break passwords, and if you use a simple password they are likely to gain access to your account. Usually their purpose is to send out spam to everyone in your address book, but I have talked to people who have suffered serious financial loss because the crooks gained access to emails with bank account numbers, personal data, etc. One person suffered the embarrassment of sending ads for raunchy pornography to everyone on their church bible study mailing list.

If you use one of the big three (Gmail, Hotmail, or Yahoo) today you simply must use a cryptographically-strong password (at least 12 characters, numbers and letters, upper and lower case). Failing to do so means you are very much at risk of being hacked someday.

The power of modern computers has made cracking passwords easier. The first methodology for cracking passwords is a “dictionary attack.” This is simply trying every word in the dictionary, and the crooks have lists of every word in every language. If your password is found in any dictionary anywhere, the crooks have it already on their list and will eventually guess which it is.

The next password cracking technique is the “brute force” method. This means the computer trying to guess your password simply tries every combination of characters, trillions and trillions of them, until it finally gets to the right one. The longer your password, the longer it takes for the system to crack it. So, your goal should be to use a long password, one that will take a supercomputer a long time to guess.

A password such as “2011Pa$$” appears reasonably good because it incorporates upper and lower case letters along with numbers and symbols, but the computer would eventually guess this. There are only 200 trillion possible 8-character combinations, and a fast computer trying thousands of guesses a second would eventually guess even that password.

Most security experts agree that beyond a certain point complexity does not appreciably add to security, but that password length is absolutely the most important consideration. In other words, simply padding that password with extra characters such as “2011Pass$$$$$$$$$$$$” creates a password 20 characters long which, according to some experts, might take a supercomputer years to crack. Padding a password with the same character is vulnerable to “shoulder surfing” (someone peeking over your shoulder) but is cryptographically almost as strong as a random string of characters and a whole lot easier to remember.
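The checks described above (the 12-character rule, the dictionary lookup and the brute-force time estimate) can be put into a short script; this is an added example, not part of the original column. The wordlist is a constructed sample, the function names are hypothetical, the guess rate of one billion per second is an assumption, and the time figure is the worst case for a blind search over every string of that length.

```python
import string

# Constructed stand-in for an attacker's wordlist (assumption, not real data).
SAMPLE_DICTIONARY = {"password", "sunshine", "dragon", "letmein", "welcome"}
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password):
    """Size of the character pool implied by the classes the password uses
    (printable ASCII only; other characters are not counted)."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in password))


def brute_force_seconds(password, guesses_per_second):
    """Worst-case time to try every string of this length over that pool."""
    return alphabet_size(password) ** len(password) / guesses_per_second


def check_password(password, guesses_per_second=1e9, min_length=12):
    """Apply the column's rules; an empty findings list means all passed."""
    findings = []
    if password.lower() in SAMPLE_DICTIONARY:
        findings.append("found in dictionary")
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in password):
        findings.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        findings.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        findings.append("no digit")
    years = brute_force_seconds(password, guesses_per_second) / SECONDS_PER_YEAR
    return {"findings": findings, "years_to_exhaust": years}


if __name__ == "__main__":
    # The two passwords discussed in the column, plus a dictionary word.
    for candidate in ("password", "2011Pa$$", "2011Pass" + "$" * 12):
        result = check_password(candidate)
        print(f"{candidate!r}: {result['years_to_exhaust']:.3g} years, "
              f"{result['findings'] or 'passes'}")
```

Change `guesses_per_second` to see how the estimate for each length moves with the speed of the guessing hardware.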

Whatever password strategy you decide to use, please protect yourself and everyone in your address book by using a strong password. You will get no sympathy from me or from customer support at Gmail, Hotmail, or Yahoo if your email account is compromised because you were lazy and used a simple password.

Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel de Allende since 1981 and now practically a full-time resident. He writes a computer column for San Miguel Atencion and his current articles may also be found online at www.theguadalajarareporter.com, and occasionally in the printed edition of this newspaper. He may be contacted at 044-415-101-8528.

