I have been hacked!: Stolen Passwords

 “I have been hacked!” Really?

I often hear this as a reason of friends when informed of their yahoo address sending out spam mails. I also hear this from people justifying their change of Facebook accounts, email addresses, or denying the sending of nasty or inappropriate emails.

Regardless of the real reason why they were hacked, access to one’s email is always with use of a password. Passwords are like keys to doors that control access to valuable assets tangible properties. Passwords, being the key to all internet doors, are our first and last layer of online defense.

Just recently, the professional networking site LinkedIn reported the apparent compromise of 6.5 million passwords.  LinkedIn, popular among professionals, reported that hackers, suspected as Russians, stole and published the passwords they have collected for LinkedIn. Obviously, the stolen passwords came with their corresponding usernames. If you are a LinkedIn user, you may opt to change your password now if LinkedIn hasn’t warned you yet. But like me, don’t worry if the hackers will publish your account content. I will thank them for publishing my professional profile. Worry only if hackers use your account to post embarrassing messages and photos.

I have more concerns if my Facebook or Gmail account is hacked or my password is compromised by malicious massive attacks against FB or Google websites. Just like most, I keep some sensitive, private, and confidential messages and photos in my Facebook and Gmail accounts. In Facebook, these information maybe in the form of private and custom-view photo albums, and of course, privileged and private messages with my friends. But my Gmail poses more critical and greater concerns. My Gmail password is my key to access all other Google services. So is my Facebook password when I access other Internet sites.

I always ask those who claim that only their accounts were hacked why were they targeted in the first place. Why would hackers in Eastern Europe target a particular account of a person based somewhere in Bacolod City?

Am I drawing attention to myself by writing this article? Some hackers reading this article will find it a challenge to steal my passwords and exploit the contents of my Gmail, Twitter, Facebook and Pinterest accounts. Am I a valuable target or “person of interest” to them?

In today’s linked and shared login accessibility, when one logs in to his Pinterest and other sites with his Facebook or Twitter account, the risk of collateral damage is high, therefore, a strong password is very necessary. Keeping valuable information in an Internet account with no encryption and strong password is like displaying large amount of cash in a glass cage with padlocks that can be opened with a hairpin.

So what is a strong password?

USES OF PASSWORDS

Just like our mechanical keys or key cards that we use to open our doors, to enter our residence, bedrooms, offices, and even closets, passwords are also used to transact with our bank accounts online, to download and update apps, download music, or make connected devices work. Secured operating systems to activate robots and personal computers require both usernames and passwords. To add security and privacy of wi-fi connections, passwords are also necessary.

Whatever the ulterior motives of hacking, it is still a proof that intrusion into one’s private data was successful.

MY BEST PRACTICES IN PASSWORDS

Do These:

1. Use and mix at least 4 easy to remember words with special characters or numbers in between. 

Using at least 4 words forces you to make longer passwords or passphrases. Don’t forget that a space is also a special character. Why words and not mix of letters? Words are easier to recall unless you are used to jejemon texting. What is the use of a forgotten password anyway?

2. Use long passwords 

Long passwords are already passphrases. The longer, the better. Try to have at least 12 characters composed of upper and lower cases, numerals, and special characters.

3. Change password regularly. 

This does not mean you can change every minute or daily. I change password after 37 days then after 39 days, then after 300 days. I use my phone’s calendar to remind me to change all my passwords.

Between calendar reminders, I change passwords when I suspect “unusual” activity, images, postings, or spam mails in my accounts. I immediately change password when I know of a cyber-security breach among any of my accounts in Facebook, Multiply, Google (Google+1 & Gmail), LinkedIn, Twitter, Skype, etc.

Why all of these? There is a chance that one compromised account can be used to intrude into my other accounts.

On other hand…

Do not recycle used passwords.

This poses a challenge when you got a lot of used ones already. Writing down even your used passwords may reveal your style or pattern. I use a simple formula that serves as my mother-of-all-passwords guide. Isn’t this dangerous to have one masterkey? Well, my formula may appear as a masterkey but each letter and variable (say, x+y+2+b) could also stand for a word, phrase, number, combination, or another formula.

Do not use words similar or derivatives of your public information. 

Words like “party animal”, “sexy”, “hot”, “hunk”, “pogi” or “lovable” are not just too easy to guess but also quick to break by a hacking software. These are common words and simple combinations or string of letters or even of numbers.

Do not use words related to the site. 

Such as “facebook” or “savings” which Facebook or your bank will reject anyway. Hackers already included all exact words found in the site’s main pages and their derivative words in their list.

Do not use religious words or words of endearment. 

All words in the religious vocabulary, which are associated with love, affection or relationships, are on top in the list of hackers.

Do not use number sequence regardless how long it would be. 

If you have to use sequence because of memory recall handicap, try placing special characters in between the numbers. Remember through that what is “12” to you is just numerals “1” and “2” to a software. Try to use space between numerals.

Do not use words related to profanity, swearing, racist remarks, blasphemy, and other foul language. 

All words in this vocabulary are already in the default list of hackers. People tend to hide their dark side under the cloak of asterisks. Remember, hackers are already in their dark side too.

Do not use the same password for all your account.

Your password for your email account should be different from your social network account and online banking. Otherwise, the hacker will have easy access to all your accounts without hacking into them.

STRONG PASSWORDS

A strong password is one that is hard to hack, or technically, to crack. A weak password is one that is easily guessed outright or quickly known using software. Refer to the strong password chart.

Protecting Your Password

The world has become more complicated with the advent of the Internet. Online transactions, both personal and professional, have become common because of the simple and straightforward process online transaction entails.

One can keep in touch with someone on the other side of the world with no trouble. This is the same with business transactions. One can buy an item or talk to someone from the farthest reaches of the world.

The downside to these, however, is that identities can be stolen in the process. One of the ways identity theft succeeds is through stolen passwords. Here are some tips to safeguard your password:

1. CHANGE

• Change your password into a stronger one.
• Change your security question or make one. Your security question is one which only you know the answer.

2. REBOOT.

a. To make sure that you disconnect
• Log-out after changing password and log in again.
• Or restart our browser and log in again
• Or reboot your computer and access your account again to assess for damages

3. ASSESS

• Check for “damages”. Just like checking your place after a break-in, check for unusual and suspicious changes in your account. Anything left behind?
• Check first your sent folder if messages were sent from your account. Then check all folders and inbox for suspicious mails planted as draft.
• Check your account information if there are any modifications. If none, try to modify those you can. For example, place of birth could be from “Manila” to “Manila City”

4. UPDATE your protection software
• Try to stick to one anti-virus and intrusion detection software that you think is credible and effective. Am I implying that you change your current one?

1 thought on “I have been hacked!: Stolen Passwords

Comments are closed.