Everyone knows that their passwords are supposed to be secure. But how secure? And what’s the worst that could happen if someone gains access? Recently I’ve had trouble with someone attempting to hack my email account and gain access. It made me think about the different levels of importance that some passwords have. If someone correctly entered my myspace.com password, for instance, then there is a very limited amount of damage they could do and very little they could gain. They could perhaps annoy my friends by sending them messages and upload pictures that aren’t of me. But myspace is barely used by any of my friends now; they have all moved to facebook (as have I), so I wouldn’t be too concerned. It might even prompt me to delete the dormant account, or myspace might kill it off for me. If however someone gained access to facebook, my blog or my bank account, then they could really do some damage and gain financially from it. But what about your email? You do have an insanely long, hard-to-guess password on your email, don’t you? If someone gains access to your email account then they can access every account on every site you have ever used! They may even find some good blackmail material.
Most important passwords (highest first):
- Email login
- Computer login
- Everything else
Your email password is the easiest for someone to crack. Your email also means they can gain access to every website you have ever signed up with. They can do this remotely without you ever knowing, which is why you must make this password as long as possible.
Your computer login should be different from every other password. Your computer login should never be transmitted unencrypted or written down. This doesn’t need to be as insanely long as your email password, because people shouldn’t be able to access it remotely, but it should be long enough that someone can’t easily see you type it in. Remember, if someone has access to your computer and cracks your password, then your email account password may be forfeit too.
What you’re up against:
It’s important to know what you’re up against in the battle for online security. The bad guys that want your email account for sending spam, committing fraud etc. have botnets. These are computers which they control remotely to do whatever task the bad guys need. In this case they may have 1000 computers on their botnet and they have decided they are going to hack your email. With a thousand computers, they can try to log into your account 500 times a second (assuming 2 seconds for a connection attempt). So if your password is literally just a word, they will successfully guess it in less than 5 minutes. If your password consists of 8 randomly generated numbers and letters then this botnet will take 179 years to try every password combination. The problem is that botnets are growing in size every day and your passwords need to keep up with this trend.
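To see where those numbers come from, here is an added worked calculation (not from the original post) of how long an online guessing campaign takes to exhaust a password space. It assumes the post’s figures of 1000 bots and 2 seconds per login attempt, and treats a plain-word password as a wordlist of a constructed size rather than a keyspace; the post’s 179-year figure corresponds to 8 characters drawn from lowercase letters plus digits.

```python
import math

# Assumptions taken from the post: 1000 bots, 2 s per login attempt.
BOTS = 1000
SECONDS_PER_ATTEMPT = 2.0
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Sizes of the character classes a random password can draw from (ASCII).
CHARSET_SIZES = {
    "lower": 26,
    "upper": 26,
    "digits": 10,
    "symbols": 32,  # printable ASCII punctuation
}


def guesses_per_second(bots=BOTS, seconds_per_attempt=SECONDS_PER_ATTEMPT):
    """Aggregate online guessing rate when every bot waits for each attempt."""
    return bots / seconds_per_attempt


def keyspace(length, classes):
    """Number of passwords of exactly `length` characters over the given classes."""
    alphabet = sum(CHARSET_SIZES[c] for c in classes)
    return alphabet ** length


def years_to_exhaust(length, classes, rate=None):
    """Years needed to try every password of this shape at `rate` guesses/s."""
    rate = guesses_per_second() if rate is None else rate
    return keyspace(length, classes) / rate / SECONDS_PER_YEAR


def minutes_to_exhaust_wordlist(words, rate=None):
    """A password that is just a word falls to a wordlist, not a keyspace."""
    rate = guesses_per_second() if rate is None else rate
    return words / rate / 60


if __name__ == "__main__":
    # Constructed wordlist size: a generous English dictionary.
    print(f"rate: {guesses_per_second():.0f} guesses/s")
    print(f"single word (150k-word list): {minutes_to_exhaust_wordlist(150_000):.1f} min")
    print(f"8 chars, lower+digits: {years_to_exhaust(8, ['lower', 'digits']):.0f} years")
    print(f"20 chars, all classes: {years_to_exhaust(20, CHARSET_SIZES):.3g} years")
```

Changing BOTS models the post’s point that a growing botnet shortens every figure proportionally, which is why the recommended length keeps rising.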
- Don’t use webmail. You will be tempted to use it on public machines or at a friend’s house etc… and if you’re using webmail, then you can remember the password, which means the password is probably too easy to guess.
- Your password should be long, very very long. Ideally it needs to be more than 20 characters of random mixed case letters, numbers and symbols. “But how will I remember that?” I hear you ask. You save this password into your email client e.g. Thunderbird.
- Use an email client. Here is a guide on how to get Thunderbird to encrypt your email passwords, which adds a further level of security should your computer be stolen. http://kb.mozillazine.org/Master_password
- All your email activities should be encrypted; if your email provider doesn’t support this, then move away from them ASAP and get a proper provider. The way to set this up will differ between email providers and email clients, but generally you will want to switch to using SSL. Here’s a guide on how to do this with Thunderbird. http://webnet77.com/secure-email.html
- Use IMAP instead of POP on your mailboxes and take regular backups.