Here's another solution from Hotmail that explains one way spammers are able to hijack email accounts:
Creating a strong password for your e-mail account: why you should and how to do it
Every day you’re bombarded with requests to create free accounts, register with a web site, or sign up for more information. Through all of this, people often don't associate these requests with the security of their personal accounts, such as banking, email, or business information. This is what scammers capitalize on to gain access to your assets.
How do scammers gain access to your assets?
It used to be through various automated means, in the form of what's called a brute force attack. This is exactly as it sounds: automations, or "bots", send non-stop attempts against the target until a way in is finally found. This may take the form of a dictionary attack, where the bot literally runs through common words found in a dictionary in an attempt to crack an account. More sophisticated attacks, such as sending code to the site that would open back doors, or trying to overflow the thinking parts of the site so that its security checks fail, rounded out the more common scenarios.
Nowadays, laws and expectations around the protection of private information have forced institutions to dedicate much more time and resources to preventing brute-force attacks from succeeding. Since the payload for the scammer is now much harder to come by, they are moving on to the easier targets wandering from the herd. Sites that are less prominent, newsgroups, forums, and other social networking types of communication open a new horizon for the scammers. Here, they can point their highly sophisticated bots at sites that may not be so worried about intrusion protection. And why would a forum care if someone copied its members' passwords? All they could do is post as that user, right? Wrong.
Using the same password everywhere puts you at risk
Even with all the focus on consumer safety on the Internet, many people use the same password for all of their accounts. Scammers rely on the fact that most users of these sites aren't technically savvy enough to have separate passwords for "throw-away" accounts and their primary passwords list for their highest security accounts. Their bots find openings in the sites and gather these email addresses and passwords. Now, they have the key to the front door.
The first thing they will do is see whether that is your email account password. If it is, then a lot of trouble is to come. Now they can send mail, pretending to be you, to your contacts asking them to send you money because you’re stranded somewhere. They can read all of your personal mail, and find out your open accounts through electronic statements. From there, they circumvent all the protection of the institutions by entering the valid information of their customer. If one of those institutions is your bank, you can imagine the consequences. There is also no way for these institutions to stop this type of attack; the scammer entered the right password!
How to protect yourself
So, how do you protect yourself from becoming a victim? Following a few simple guidelines, you can create a wall of security around yourself that will help add to the security of the institutions you deal with. Whenever you create a new online account, consider:
· What is the purpose of this account? Are you creating a new account for online bill pay with your bank or are you more interested in the latest celebrity gossip? The answer to this should be the determining factor for the next questions as well.
· How secure does this password need to be? Access to your financials and email account is a critical thing; therefore your passwords for these accounts should be un-guessable, even by a computer. If it is to post a response on a gamer forum, perhaps it doesn't need to be so complex.
· How do I remember the hard ones? This is the inevitable gotcha of a secure password. With all of those requirements, how does one remember? Through some creativity, you can break some of the above rules if you concentrate more on others. See below for some creative ways to do this.
· Use Throwaway passwords! This is something that can't be stressed enough. Don't use the same passwords for your virtual presence and casual accounts that you use for your most precious accounts.
· Protect ALL of the passwords from everyone. Yes, this really does mean protect it from your family and friends. These people are the ones that know your most intimate details. Friends can sometimes quickly turn to enemies. Developing a practice of maintaining confidentiality of your passwords is an important step in securing and protecting your online assets.
4 Easy tips to create a strong password
So, how do you actually create a good password that’s not easily guessable that you can also remember? Complexity is the key to security when choosing a password.
1. No reference to your life. Highly secure passwords have no reference to a person's life that could be readily found online or through friends.
2. Longer is better. They should always be at least 8 characters long.
3. Combine characters. They should contain a combination of letters, numbers and special characters, like a question mark, period, @ or #.
4. Change them on a regular basis. You can set up your Windows Live ID password to expire every 72 days, and it will automatically remind you to enter a new password. You can go to https://account.live.com and log in to select these settings. You can read instructions on how to do this here.
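The reuse rule and the tips above, expressed as a check over an account inventory; this is an added example, not part of the original Hotmail post. The account names, the `CRITICAL` set and the sample passwords are constructed assumptions.

```python
# Added example: audit a constructed account list against the article's tips.
# Only critical accounts are checked; throwaway accounts may be simpler.

CRITICAL = {"email", "bank"}  # assumption: purposes treated as high-value


def char_classes(pw):
    """Count how many of letters, digits and special characters appear."""
    return sum([
        any(c.isalpha() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def audit(accounts, personal_terms=()):
    """Return {account name: [findings]} for a list of account dicts."""
    terms = {t.lower() for t in personal_terms}
    by_pw = {}  # password -> accounts using it, to detect reuse
    for a in accounts:
        by_pw.setdefault(a["password"], []).append(a)
    report = {}
    for a in accounts:
        pw, findings = a["password"], []
        if a["purpose"] in CRITICAL:
            if len(pw) < 8:
                findings.append("shorter than 8 characters")
            if char_classes(pw) < 3:
                findings.append("does not combine letters, numbers and special characters")
            if pw.lower() in terms:
                findings.append("personal term used exactly as-is")
            shared = sorted(o["name"] for o in by_pw[pw] if o is not a)
            if shared:
                findings.append("password also used on: " + ", ".join(shared))
        report[a["name"]] = findings
    return report


# Constructed sample inventory (never store real passwords like this)
SAMPLE = [
    {"name": "webmail", "purpose": "email", "password": "bella"},
    {"name": "gamer-forum", "purpose": "forum", "password": "bella"},
    {"name": "bank", "purpose": "bank", "password": "May251990@143"},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE, personal_terms=["Bella"]).items():
        print(name, "->", findings or "ok")
```

The webmail account fails every check because it shares a short pet-name password with the forum, which is exactly the path from a forum breach to an email takeover described earlier.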
Making the above tips work for you:
1. I want to use my pet's name – You can do that, but not exactly as the name is, because your pet's name is easily guessable and could be under 8 characters. A couple of examples can show you ways to do this:
a. A friend’s cat’s name is Bella. Bella loves tuna more than anything. A simple to remember password option could be: Bella#Tuna
b. A friend’s beloved horse’s name is Sand dollar. Combining letters and numbers results in a password option of: Sand D011ar (where the “o” is a zero and the “l”s are ones)
c. My dog’s name is Lady Dog. Using a more advanced option with something called Leetspeak (L33tspeak), a way of using special characters to form letters and words, I can create her name to be: |_aDy |)oG. (Notice in the word L33t that "3" replaces "E", which are close mirror images of each other.)
2. I want to use dates I can remember - You can do that too, again with some adjustments. One technique here is to concentrate on the password length. For example, a password that has 6 letter and number characters has 531,441 (9 to the 6th power) possible combinations. When you extend the length to 8 letter and number characters, the possible combinations jump to 36 to the 8th power; simply put, that's over a trillion different combinations.
a. I want to use my daughter's graduation date (May 15, 2008), my son's birthday (July 11, 1997), and my best friend’s birthday (August 2, 1980). Here's how this could look using different date formats and adding a space then comma for additional complexity: 20080515 07111997,19800802
b. If your wedding anniversary is May 25, 1990, and you use the “1, 4, 3” code for “I Love You”, your password options could be: 14305251990, or 143May251990 or May251990@143
So, today’s a great day to change YOUR password. Even better, change your password every time you change your clock for daylight savings. Even twice a year is better than none at all.
* Posted by Scott H
* Last Updated Apr 08 2009