Tuesday, October 13, 2009

Remembering Strong Passwords

There are a lot of blog articles and websites telling you how to be safe on the Internet. But we mostly forget the basics and end up compromising our accounts! Now that thousands of Hotmail accounts have had their private information put on public display, allegedly by some geek (or nerd) or geeks, I felt there is a need to go through the basics again.
For more details and the authenticity of this news, please visit these sites:
http://www.neowin.net/news/main/09/10/05/thousands-of-hotmail-passwords-leaked-online
http://www.articlesbase.com/internet-articles/microsoft-hotmail-servers-have-possible-been-hacked-you-hotmail-account-is-in-danger-1305637.html
Google, as usual, will provide more links :-)

To start with the basics: you can protect your account much better than it is now, if you haven't already, by putting in a really strong password. Yes, strong is emphasized, because some time back there was speculation, and then proof [http://www.geeksaresexy.net/2008/01/30/yahoo-captcha-cracked/], of a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) being cracked!! What is this weird thing called CAPTCHA? Simply put, it is the distorted-looking text (letters, words, or a mixture of letters and numbers) that sites (secure ones as well) present to you while registering, sometimes while logging in or after a failed password attempt, or for some other transaction that must be done by a human rather than a bot or malware in the wild. The point for us: once software can solve the CAPTCHA, it no longer slows down automated password guessing, so the password itself has to resist guessing.

Now, what is a strong password? Technically, a password that mixes letters with numbers and, ideally, special characters. The next thing to take care of is that the password is not easily guessable, which means not using words out of the dictionary! To make it really strong, one needs to increase the number of letters, digits and special characters as well as have a diligent mix of them all, taking care that it does not become a dictionary word or phrase, etc. By the way, the dictionary I am referring to is not released by Oxford; it is harvested and enriched by hackers, crackers and information security researchers all over the world, and it already covers the common tricks (like swapping "a" for "@"), so a substitution alone does not take a word out of that dictionary.
To give an example, say the username is xyz@abc.com. Now let's take a look at bad/undesirable passwords.
EASILY GUESSABLE/WEAK PASSWORDS: "xyz" (most modern websites don't accept these), "zxcasd", "1234567", "password", "letmein", "asdfgh", "pass123"
The realm of weak passwords is so huge that there can be hundreds of examples.
Take a look at the published list of the 500 worst passwords of all time. You can also go through this:
http://www.smartplanet.com/technology/blog/thinking-tech/how-to-avoid-the-500-worst-passwords-of-all-time/908/?tag=shell;main&gclid=CMC_iaCouJ0CFU8wpAodE0ibjA

Hopefully your password did not feature there. Or did it? If it did, have a little more patience, finish this blog post, and make a really good password.

The most common problem with uncommon passwords is remembering the junk the computer might have thrown at you as a suggestion, or a one-time password that must be changed at first logon. I hope to show you how to make complex and uncommon passwords, something that already features in other blogs and forums. Why would you read this one? Because maybe I will be able to show you how to remember them as well.

Let's start with one weak password from the above list (the 500 worst passwords): "dallas" features at no. 50 in the list. Let's convert "dallas" into "d@ll@s"! This makes it a little stronger, but 8 characters is the least for a strong password. Why? Because every extra character multiplies the number of guesses an attacker has to make. So play with dallas more. If your name is Rick, try this: d@ll@s#R1ck. Many password checkers will consider this a strong password! Do you think it's too complex for you to remember?

I am sure it isn't. But this is a stepping stone only; going forward you will see that this example is not good enough as per the experts. Anyway, please go through it, as without "a-b-c" one cannot make words, let alone sentences! Coming back to the topic, the trick is to find letters in your password that could be replaced by similar-looking special characters and numbers. To give you a clue, a small "a" can be thought of as @, while a capital "A" can be 4. You can make your own substitutions and build a cryptic language of your own. Just one word of caution, as with any password: keep it to yourself and yourself only! Now, if you want to make it a little different, try this: D4l1s$r1cK. Hope it's again easy to remember :-) You can make hundreds of combinations like this, I am sure.
Now you can go for a mix of three or more words to make it even harder to crack. Say you add the last 4 digits of your cell phone number, or your birth year reversed, in between, like this: if Rick from Dallas was born in 1976, he can make this his password: d@1L5-6719-r1Ck. Once you get started with simple patterns you'll start remembering complex ones quickly. Increase the length of your passwords over time (don't make it years!), as and when you think you have mastered one level. As far as I know, no one imposes limits on password length (Microsoft recommends 14 characters for a pretty good password). But be very sure you can remember the pattern and reproduce it as and when required. Another good practice is not to use the same pattern for multiple accounts. And one caveat: your phone digits and birth year are the first things an attacker who knows you will try, so treat them as padding for length, not as the secret part of the password.

The example I gave above is to get one started with complex passwords, but it is just a stepping stone. Beware: merely converting "password" to "p@ssw0rd" won't protect you well. The idea is to make the password tricky to guess but easy for you to remember. So try a different approach each time. Say you make up a phrase you will easily remember, such as "India is my home country and I love it the most". Now take the first letter of each word; it becomes IIMHCAILITM. It is a good password but lacks numbers and special characters. So let's make it complex: "iIm#C4I7!T|\/|" or "i Im# C4i7 ! t /\/\". One problem you can face is that some websites won't allow spaces and some don't allow all the special characters, but don't stop trying various combinations (use your imagination to the maximum!). Also, this example is weakened by repetition: the same letters (I, M) show up as initials more than once. So make sure you have fewer, ideally no, repeated characters.
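To see how the two tricks above (look-alike substitutions from the "dallas" section, and phrase initials from this one) hold up, here is a small Python script. It is an added example, not code from the original post: it implements the substitution and initials steps mechanically, scores each result the way a simple web "password checker" does, and then checks whether a word-list attack with the same substitution rules would produce the password anyway. The substitution table, the scoring weights and the four-word WORDLIST are constructed for the demonstration and are assumptions, not any real tool's rule set.

```python
"""Substitution and phrase-initial passwords versus a checker and a rule set.

Added example, not from the original post. SUBS, WORDLIST and the scoring
weights in checker_score() are assumptions made for the demonstration.
"""
import itertools
import string

# Look-alike substitutions in the spirit of the post (a -> @, A -> 4, ...).
# Assumed table; a real cracker rule set is much larger.
SUBS = {"a": "@", "A": "4", "e": "3", "i": "1", "l": "1", "o": "0", "s": "$"}

# Constructed sample word list standing in for the crackers' "dictionary".
WORDLIST = ["password", "dallas", "letmein", "rick"]

PHRASE = "India is my home country and I love it the most"


def apply_subs(text):
    """Replace every substitutable letter (the post's manual trick, done
    mechanically): 'dallas' -> 'd@11@$'."""
    return "".join(SUBS.get(ch, ch) for ch in text)


def leet_variants(word):
    """All strings a rule-based attack gets from `word` by substituting any
    subset of its letters via SUBS, with or without a capital first letter.
    For a 6-letter word such as 'dallas' that is only 64 candidates."""
    variants = set()
    for base in (word, word.capitalize()):
        options = [(ch, SUBS[ch]) if ch in SUBS else (ch,) for ch in base]
        for combo in itertools.product(*options):
            variants.add("".join(combo))
    return variants


def reachable_by_rules(pw, wordlist=WORDLIST):
    """True if word list plus substitution rules produce `pw` directly."""
    return any(pw in leet_variants(w) for w in wordlist)


def initials(phrase):
    """First letter of every word, keeping the original case."""
    return "".join(w[0] for w in phrase.split())


def has_repeats(pw):
    """True if any character occurs more than once."""
    return len(set(pw)) != len(pw)


def checker_score(pw):
    """Score the way simple web password checkers do: one point per character
    class present (lower, upper, digit, punctuation) plus one point per 4
    characters of length. Assumed weights."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    score = sum(1 for cls in classes if any(ch in cls for ch in pw))
    return score + len(pw) // 4


def assess(pw, wordlist=WORDLIST):
    """Checker score next to the two things a checker does not look at."""
    return {
        "checker_score": checker_score(pw),
        "rules_reach_it": reachable_by_rules(pw, wordlist),
        "repeated_chars": has_repeats(pw),
    }


if __name__ == "__main__":
    for pw in ("dallas", "d@ll@s", "d@ll@s#R1ck", "d@1L5-6719-r1Ck",
               initials(PHRASE), apply_subs(initials(PHRASE))):
        print(f"{pw:18} {assess(pw)}")
```

Running it prints one line per password. "d@ll@s" scores higher than "dallas" on the checker, yet it sits inside the 64 candidates the rule set generates from "dallas", which is the sense in which the substitution alone is "not good enough as per the experts"; the longer patterns with a second word or digits in between are not reached by the rules directly, which is the length point made above. The initials of the phrase, with or without substitutions, still trip the repeated-character check.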

I know all these combinations and patterns can overheat your natural processor, hence it is always a good idea to write them down. But in that case, do remember to keep that piece of paper in the most secure way you can. Guys, it could be your wallet; gals, maybe your kind of purse.
There are also a lot of products on the market (both paid and free) which store all your passwords on disk in encrypted form. All you need to do is create a "Master Password" for accessing the software.
Here is one for quick reach: http://passwordsafe.sourceforge.net/
When you reach the download page, look for the .exe download.

Do check this out, this is from the experts:
Good luck with your very strong passwords!
