EddieSnipes.com

Living just east of Crazy

I was annoyed, but now I’m hacked!

Written By: Eddie Snipes - Aug• 16•11

My dad just received a phone call from the church secretary. “Mr. Snipes, did you know you are sending us emails for Viagra?”

Imagine that. Deacon George sending Viagra ads to all his friends and church associates. I thought it was funny, but he was hacked. In every sense of the word.

We’ve all seen the ads. Our friends post links to our Facebook wall about how they lost three times their body weight on this new amazing diet. We get emails from someone with a link to buy various drugs from an overseas pharmacy without a prescription. Hot stocks, secret bargains, or the infamous video where you are informed, “I can’t believe what I saw you doing at that party – click here.”

Don’t click it! In fact, don’t click anything unless you know what’s behind it.

Hackers discovered long ago that the best way to gain your trust is to send you a link from someone you know. That’s why so many scams focus on hacking your email or Facebook accounts. And who can resist the fear of being caught in an embarrassing photo or video? “I don’t remember anything embarrassing! Let me see.” Click. Hacked! Now you are sending the same message to all your contacts.

In the next couple of articles, we’ll go through a few scams and protections. The first rule to avoiding the hacker is good security. The second is to be suspicious. Very suspicious. Your mom would never betray you, but her hacked computer certainly will.

Let’s talk about passwords

A simple password is an easy hack. About a year ago my email was hacked. I’d had the same password for years, and in the past it was considered a secure password, but as hacking programs become more sophisticated, passwords must become more complicated to avoid being discovered. My old password began with a capital letter, ended with a capital, and had two numbers. But one day friends started telling me I was sending spam.

The hacking program was well written. It guessed my password, sent an email to all my contacts, and then deleted my contacts to make it difficult to warn anyone. To make matters worse, it also turned on my vacation notification to auto-respond to incoming emails with more spam. At the same time, I began seeing reports of others with the exact same problem.

How does a hacker get a password? There could be many ways. If they can install a keyboard logger by persuading you to click yes at an unscrupulous website, that can do it. Or if they can get someone to respond to a fake inquiry, hackers can get victims to willingly give passwords and valuable information. We’ll talk about that later.

The most common way is by using an application to guess a password. There are several methods, but to give the CliffsNotes version, an application attempts to access your account by running through a dictionary of possible words and combinations of words. In the past, mixing upper and lower case and adding numbers was enough to thwart most attacks. Today, these dictionaries use smarter technology that can mix and match words, numbers, and letter cases. This means that if you spell password backwards, you’ll be discovered. The program (or bot) will guess a word by trying to enter variations like this:

Password

Drowssap

Wordpass

PassWord

P@ssWord

password123

And so on. It will go through every possible combination of that word before moving on to the next word. In order to dodge the attack, your password has to fall outside of the hacker’s algorithm.
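To see how little those tricks buy you, here is a small checker, added as an illustration and not part of the original post, that undoes the same variations (case changes, reversal, swapped halves, symbol substitutions, tacked-on numbers) and reports the dictionary word a password reduces to. The wordlist, substitution table and function names are made up for the example.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary
# plus lists of passwords exposed in past breaches.
WORDLIST = {"password", "welcome", "sunshine"}

# Common look-alike substitutions, mapped back to the letter they replace.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e", "1": "i",
                      "!": "i", "$": "s", "5": "s", "7": "t"})


def simplified_forms(password):
    """Return forms of `password` with common mangling undone."""
    lowered = password.lower()                      # PassWord -> password
    # Drop digits/symbols stuck on either end: password123 -> password
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    forms = set()
    for base in (lowered, stripped):
        for text in (base, base.translate(LEET)):   # p@ssword -> password
            forms.add(text)
            forms.add(text[::-1])                   # drowssap -> password
            # Rotations cover swapped halves: wordpass -> password
            forms.update(text[i:] + text[:i] for i in range(1, len(text)))
    return forms


def matched_word(password, wordlist=WORDLIST):
    """Return the dictionary word `password` reduces to, or None."""
    hits = simplified_forms(password) & set(wordlist)
    return min(hits) if hits else None


if __name__ == "__main__":
    # The six variations listed in the post, plus one constructed passphrase.
    samples = ["Password", "Drowssap", "Wordpass", "PassWord", "P@ssWord",
               "password123", "violet-kettle-orbit-47"]
    for sample in samples:
        word = matched_word(sample)
        verdict = f"reduces to '{word}'" if word else "no dictionary match"
        print(f"{sample:24} {verdict}")
```

Every variation in the list above comes back as plain old "password"; only the passphrase that isn't built on a single dictionary word gets through.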

Secure Password Ideas.

Don’t use the name of your kids, boyfriend, husband, or anyone else familiar. Danny123 is a sure hack. Plus, you don’t want to use the same password for every site. Yet, if you have to write your passwords down, you have blown any real security. Instead, come up with a pattern that you can easily memorize. Mix words and create a complex password.

Let’s brainstorm for a moment. I’ll choose an idea that no one around me will know. Promise not to tell anyone, okay?

The first dog I remember is Tootsie. When I had this dog, I lived on Oxford Lane. Let’s just say the address was 3171. Not saying it was, but the crazy lady next door may still be there. So my initial idea is this:

Tootsie3171OxfordLn

That’s a pretty good start, but as it stands, believe it or not, it’s still hackable. So let’s convert a few numbers to letters and vice-versa.

T00ts13@3i7i0xf0rdLn

In case you can’t tell, the letter ‘o’ has been replaced with a zero, ‘E’ with ‘3’, ‘I’ with ‘1’, etc. On the letter ‘I’, I like to mix in ‘!’s and 1’s. Don’t let your pattern be an easy guess. Not bad, if I do say so myself. However, it’s 20 characters. Most sites limit passwords to 12. Some to 8. Even with 8 characters, you’d still have:

T00ts13@

You really don’t want an 8-character password unless the site forces you to. If this is the case, the above password is still weak. Beginning with a capital letter, having two zeros and two numbers together reduces the complexity. So you could mix it up.

t0oTs!3@ is a pretty good 8-character password. And if I can remember Tootsie, I can probably remember this password.

You have a certain way of thinking, so substitute characters based on how you would remember it. Whatever characters or patterns you thought of first is how your mind naturally flows, so go with your natural way of thinking. The important thing is to use varying classes of characters. Lower case letters, upper case, numbers, and special characters are classes of characters. Use them to spell words or phrases. To keep the phrase from being guessed, switch the words. Instead of starting with the phrase, MyDogIsTootsie, use TootsieIsMyDog or do the Yoda grammar, TootsieMyDogIs.

Rather than keeping dozens of passwords in your head – which you won’t do – have a base password and add something to it for each site. Come up with a 3-digit code for the type of site. For example:

Bank = 3Nk (a three looks like a partial B and it’s substituted for BNk, or bank without vowels. Kinda like today’s writing styles among teens.)

BTW, in case you’re wondering, my bank is Bank of America, and my account number is 1006318774

Retail = 3tL – three tail

Social sites = z0cL – z for ‘s’. It’s my abbreviation for social – socl

I could go on, but you get the idea. This way if I use the above password suggestion, it could be something like t0oTs!3.z0cL for my Facebook account. That really is my Facebook password. Go ahead, try it!

Play around with these methods and come up with something that works for the way you think – then you’ll remember. After you type it in a few times, it will stick to your mind like bad hair.

Good password management will protect you from bots that try to guess your password, but it won’t help against Trojans and malicious software. Coming up, we’ll look at a few more hacker problems and who knows, we might come up with a solution. This is better than cracking your computer screen with your forehead. Unless you’re into that kind of thing. But who am I to judge?

If you have some suggestions for password security, post them in the comments below. If you want to share your username and passwords with the world, feel free to post those below, too.


7 Comments

  1. Cindy says:

    Thanks for a great post. I am saving the link to send to friends whose email is hacked. Each time I try to explain what might have happened and why, but your post is written so well, I’ll just send that next time!

    Hey, is Dancer only available on Kindle? I have a Nook!

  2. Edie Melson says:

    Eddie, I always appreciate your blog posts so much! I’ve done this type of thing with my passwords, but have had trouble explaining it to others. You have a real gift of teaching. I’ll definitely be passing this post on!

  3. Great post, especially since my email account was recently hacked!

  4. Great tips, Eddie! I’ve passed them on to http://www.fliterary.com

  5. Kay Chandler says:

    Thanks, Eddie! I’ve never been hacked and have been careful not to open anything questionable, but after reading your post, I realized my pw wasn’t as secure as it needed to be. I’ve gone in and changed it.
