Please Choose a Secure Password

(Originally posted May 26, reposted because it’s annoyingly relevant)

In the last 6 months, 12 18 22 25 of my friends have had their email accounts hacked. Either that, or all my friends are jumping on the Make.Money.Fast bandwagon by sending me junk email. If someone hacked your email account, what evil could they wreak upon you and your friends?

Here is a little article showing how you can make an easy-to-remember and (hopefully!) impossible-to-hack password. Please use this advice: Click me! Click! Clickie-poo! Clickie-kins!! Click-er-doodle!

Almost all of my hacked friends are on Yahoo. If you use Yahoo mail, please change your password to be secure!

23 Comments

  1. And if you HAVE to write down a password, which you shouldn’t, well then scramble it! Here’s one of mine: [scrambls}ceqdB6Lht ≹⋓⊉⊔⋇∾☎∊≲⊂⋉∪≘{]

  2. Lee Sonko says:

    Yes, Scrambls deserves a mention!

  3. But what I don’t get, my “computer guy” friend, is why do they do it? What’s the point?

  4. Lee Sonko says:

    Evil is its own reward! But more so, it’s all about the money. They might try to sell you junk or steal your email address so they can do some scam to your friends (here’s one http://www.lee.org/blog/2012/05/25/watch-out-for-this-email-impersonation-scam/). In a recent “elegant” scam, the bad people put a virus on your computer and then when you go to websites that have ads on them, they show you the ads THEY want you to see instead. So you -think- you are going to some Facebook-approved advertisement but you’re actually going to… who knows where! (here’s more about DNSChanger http://googleonlinesecurity.blogspot.com/2012/05/notifying-users-affected-by-dnschanger.html)

  5. lee says:

    A friend’s account just got hacked a few seconds ago. I got some spam from him. I called and he tells me that his password was 7 characters, letters and numbers and “a word that shouldn’t mean anything to anyone”. You should make your new password tougher than that to guess!

  6. lee says:

    Another friend got hacked. Up to 13 now. (Hi Ke…!)

  7. lee says:

    14. Jeez people!

  8. lee says:

    15. Seriously? They are almost all Yahoo addresses getting hacked.

  9. lee says:

    16. Bored now.

  10. lee says:

    17. Hi Ken…

  11. lee says:

    18. Hi Mark F.!

  12. Metalwolf says:

    Getting an email from a friend’s email address that they did not send does not mean the account was hacked. If anything, it is more like fraud. I used to receive emails all the time from accounts that were non-existent until I installed spam software on my private server. I still occasionally get phishing attempts from accounting@(private mail server) claiming the company has received a speeding ticket or some other nonsense. It is likely that your email address was received when you added an app on Facebook or gave your address to some other site and they sold the email address to spammers for money. Tell your friends to check their sent folder. Chances are most email was only sent using their names. That being said, I did suggest to my sister that she change her password when I received a message from her just as a precaution.

  13. lee says:

    Metalwolf, when a personal friend of mine sends me spam, either they have turned to the dark side or their account was hacked. I hope it was the latter! Spam from strangers is so 2011!

    Lately, all of this new spam has been coming from friends with Yahoo email addresses. That could be a coincidence but I doubt it.

    Yeah, you are right, my hacked friends should check their Sent email folder, but it is telling that only my less-nerdy friends are getting hacked; they either don’t know how or simply won’t follow up on the problem.

  14. Metalwolf says:

    It is possible that their accounts were hacked into, but it is much more likely that they (and you) were added to spam lists and they simply mass emailed everyone with everyone else’s email addresses. If an analogy is needed for the people who are less nerdy here, it is about as complicated as the children’s prank of writing a fake note saying “i like you, meet me at the slide, from X.” In order to fool the person you gave the note to, all you need to know is their name, not their social security number, date of birth, etc. Back when I ran more servers, I had them set up to email me logs and other information from (server-name)@(private mail server); the point is that faking an email address isn’t hard. I just wanted to explain how a lot of this works because of your last line in the first paragraph. For many of the spam houses, your email address is a single line in a list of 10000. Unless you are a high profile member of society, the most the spammers will likely do is run a dictionary attack against your email address, then move on when it fails, assuming you have a strong password. They don’t worry about wreaking havoc between you and your friends because they are simply in it for the money and taking the time to try to break into your account takes away from the time they could be gathering more email addresses. This is still a page I would show to people who ask me how to choose a strong password.

  15. lee says:

    19. Hey Anne-Marie.

  16. lee says:

    20. Elizabeth on Facebook.

  17. lee says:

    21 and 22. Jim and a friend of Megan’s, in one day!

  18. lee says:

    23! Yo, Jay!

  19. lee says:

    24 Christina

  20. lee says:

    25 Ron

  21. wle says:

    something else is just ‘spoofing’

    ie someone merely learns your email address and maybe your name

    then they just send fake mail that only –looks like– it comes from you – with fake header info that looks kind of real

    you can never stop that

    wle

  22. lee says:

    Wle, there is no reason to mention spoofing here. I have not seen any email spoofing going on; I have seen, as I mentioned, 25 instances of Yahoo email accounts being hacked.

  23. lee says:

    26 Chris N.
    27 … someone, I forget

    These spams are coming in about weekly. I’m tired of updating this list. Please just make a good password, ok?
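
The comments above disagree about whether spam "from a friend" means a hijacked account or merely a forged From line. The following is an added example, not part of the original post or its comments: it reads the Authentication-Results header that a receiving mail server stamps on a message and tells the two cases apart. The server name `mx.example.net`, the domains `freemail.example` and `bulk.example`, and the sample messages are constructed, and exact domain matching is a simplification of DMARC's relaxed alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of YOUR receiving server

def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Return [(method, result, props)] from Authentication-Results headers we trust."""
    out = []
    for raw in msg.get_all("Authentication-Results", []):
        text = re.sub(r"\([^)]*\)", " ", " ".join(str(raw).split()))  # drop comments
        authserv, _, rest = text.partition(";")
        if not authserv.split() or authserv.split()[0].lower() != trusted:
            continue  # the header is forgeable; honor only our own server's verdict
        for clause in rest.split(";"):
            pairs = re.findall(r"([\w.-]+)=(\S+)", clause)
            if pairs and pairs[0][0] in ("spf", "dkim", "dmarc"):
                out.append((pairs[0][0], pairs[0][1].lower(), dict(pairs[1:])))
    return out

def domain_of(value):
    """Domain part of an address, or the value itself if it is already a domain."""
    return value.rpartition("@")[2].lower()

def classify(raw_message):
    msg = message_from_string(raw_message)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    results = auth_results(msg)
    if not results:
        return "unknown"  # no verdict from our own server: cannot decide
    aligned_key = {"dkim": "header.d", "dmarc": "header.from", "spf": "smtp.mailfrom"}
    for method, result, props in results:
        claimed = domain_of(props.get(aligned_key[method], ""))
        if result == "pass" and from_domain and claimed == from_domain:
            # Really sent through the friend's provider: consistent with a hijacked
            # account, so a password change is warranted.
            return "sent-via-provider"
    return "spoofed-or-unauthenticated"  # only the From line names the friend

def sample(auth):  # constructed test messages, not real mail
    return (f"Authentication-Results: {auth}\n"
            "From: Friend <friend@freemail.example>\nSubject: hi\n\nMake money fast\n")

HIJACKED = sample("mx.example.net; dkim=pass header.d=freemail.example; "
                  "dmarc=pass header.from=freemail.example")
SPOOFED = sample("mx.example.net; spf=softfail smtp.mailfrom=bounce@bulk.example; "
                 "dkim=pass header.d=bulk.example; dmarc=fail header.from=freemail.example")
FORGED_HEADER = sample("mail.bulk.example; dkim=pass header.d=freemail.example")

if __name__ == "__main__":
    for name in ("HIJACKED", "SPOOFED", "FORGED_HEADER"):
        print(name, "->", classify(globals()[name]))
```

A "sent-via-provider" result also matches what a look in the friend's Sent folder would show; a "spoofed-or-unauthenticated" result means changing the password would not stop the mail.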
