September 19, 2008
How Safe is Your Email Password?
One good thing to come from the Sarah Palin Yahoo Mail hack: Other free email users will be resetting their passwords with stronger ones.
As a hacker tells Gawker, "Passwords should not be real words. they should include at least three digits and at least one non-alphanumeric character. Example: foo&&b@x7978." However, PCMagazine.com editor Lane Ulanoff told WCBS 2, "In this case it didn't matter how strong the password was because they didn't need to know the password. They only had to know bits and pieces of info about you and then they could reset the password. How hard is it if you're the governor of Alaska to find her birth date and zip code?"
One activist who has been critical of Palin's use of personal email told the Anchorage Daily News, "If this woman is so careless as to conduct state business on a private e-mail account that has been hacked into, what in the world is she going to do when she has access to information that is vital to our national security interests?"
| 
add to stumble upon
add to reddit
email this
add to facebook
add to del.icio.us
[ report this ]
this is a pretty good method for keeping passwords uncrackable.
grab a piece of a random string, say 8-12 characters. this site generates random strings every time the page is loaded:
https://www.grc.com/passwords.htm
then, add or remove some characters. for example, if you start with this string:
5I0DY2MUh6HN
adding characters (X9):
5I0X9DY2MUh6HN
now, you can put the revised password in plain sight on your monitor/desk. only you know that the extra characters need to be removed.
method ganked from klaatu:
http://klaatu.anastrophe.com/index.php/2007/01/15/but-what-i-really-meant-to-write-was/
remember that hardware and software keystroke loggers are out there, and that no password protection is safe from them.
[ report this ]
It's the service providers policy towards passwords that makes it so personal passwords fail.
[ report this ]
My passwords are words in languages with small speaking populations and my secret questions are all stupid facts I have told no one, ever. Hack me, mthrfckrs!
[ report this ]
it doesn't matter how strong your password is or isn't if the password can be easily reset. duh.
[ report this ]
Hey people, even if you use 5-zillion-bit encryption, I can still read your password off that Post-it note on the side of your computer. Hahahaha.
[ report this ]
#1- good thing to have a password so uncrackable that you'd forget it. Mine is 1234. I don't give a a shit if people crack my e-mail. I don't really have anything there anyway, and if I did you'd have to scour tons of stupid conversations, spam, business, and whatnot. so good luck with that.
[ report this ]
it might be noted that it is stupid to actually give the *right* answers when giving your info to set up an account. it makes it a little harder to guess your birthday if it's the wrong month, day, and year, etc.
[ report this ]
"method ganked from klaatu:"
klaatu barrada nikto
[ report this ]
Its also stupid to use your personal address for business purposes when you are a governer.
[ report this ]
I think we can safely let that activist in Alaska know that Palin will NEVER have access to the VP's office. She is done. Toast. Over. Kaput.
[ report this ]
Barracuda refused to turn over 1100 emails in a F.O.I.A. Stating they are of a personal nature, when they are not. That’s a federal crime. It’s a pre-meditated crime,which to commit the crime of illegally shielding government documents is why she was using the account in the first place. Moreover the Attorney Generals Office of the great state of Alaska just issued an opinion that if government documents are in a private e-mail account,the State has the right to review them, that they must be saved for three years, and that to destroy (delete) them is a crime.In my opinion, Palin or someone in her employment (McCorkell? Having a P.I. Background & couldn’t resist giving herself 2 min. of fame)done this as an excuse to delete and/or discredit the account.I believe the trail will lead back to them if it’s followed in a prudent manner. Everyone so smart call this hacker so dumb.Do we have a sloppy hacker or a smart and devious hacker framing the kid?don't say no or act like you're so smart if you haven't considered it.If the I.P. Addy matches the kid in question yet it still doesn’t add up a then programs like netbus or back orifice with a built in wiping routine should be considered. These are common names for a trojan jacker that a hacker can take over your computer use it without you knowing it,then attack others with your computer address.It turns your computer into a proxy..after the deed is done it can erase itself and fill in where it was with random bytes. Anyone can download these programs off the net in a matter of three minutes..Remember M.O.M. (means,opportunity,& motive)Who really has all three? Palin...Let us not forget the bug Karl Rove found in his Texas office and the WHOLE story behind that!! What, you don’t know what I’m talking about? Oh well whatever nevermind
[ report this ]
You are mistaken. There are no criminal penalties for disregard of FOIA, and FOIA does not cover state records, states have their own laws. The Alaska Public Records Act also has no criminal penalties. FWIW, according to various groups, the Alaska law is one of the worst in the country.
[ report this ]
Or the one under the keyboard Jerky.
[ report this ]
These data breaches and thefts are due to a lagging business culture. Read some fresh and original thinking from the author of “IT Wars” - http://www.businessforum.com/DScott_02.html - I urge every business person and IT person, management or staff, to get hold of a copy of "I.T. Wars: Managing the Business-Technology Weave in the New Millennium." It has an excellent chapter on security, and how to scale security for any organization, any budget. It also has a plan template with all considerations. Our CEO has read this book. Our project managers are on their second reading. Our vendors are required to read it (they can borrow our copies if they don't want to purchase it). Any agencies that wish to partner with us: We ask that they read it. Do yourself a favor and read this book - then ask your boss to read it - then ask your staff and co-workers to read it.
[ report this ]
I'm with babyhitler. You would die of boredom if you hacked into my email.
[ report this ]
Your email may be boring but I can always use it to get your banking and credit card passwords.
btw what are guesses on Palin's password? godbless? trig? hockymom76? momof5?
[ report this ]
[1] Yeah, except you can never remember such passwords if you're away from your desk.
Why so upset, guys? Wouldn't you want to know the contents of an email from vp.palin@yahoo.com to king.putin@kremlin.ru?
[ report this ]
16, her password was "popcorn" in lowercase
[ report this ]
Actually, MrCow, her password was CHANGED to popcorn by the hacker. The original password was reset.