SANDY BERGER: Beware!: Hackers Can Easily Crack Your E-Mail Password
When technology is good, it is very, very good. But when it is bad, it can be truly atrocious.
So it is with the hacking of Sarah Palin's Yahoo e-mail account. The bad guys are out there using technology for their own advantage. Whether they are serious hackers who want information for devious purposes or young students who just want to show their technological prowess, this theft shows that everyone is vulnerable.
The recent hijacking of Palin's e-mail is also a great example of how a hacker can gain access to an account and how e-mail accounts need to be better protected against such penetration.
We currently rely on passwords to protect most of our online activity. Professional hackers often use "password crackers" to guess passwords. Anyone can easily find these hacker tools on the Internet. They can even be purchased on CD.
There are word lists of common passwords and dictionaries of possible passwords in a variety of languages. These resources are all aimed at giving a person everything needed to guess passwords.
In Palin's case, however, the perpetrator didn't even have to use tools such as these. A hacker identifying himself as "Rubico" claims to have been able to change the password on Palin's Yahoo Mail account quite easily.
All he had to do was use her e-mail name to log into the Yahoo Mail interface and select the option to reset the password. Yahoo then asked him to provide her birth date and zip code, which have become public knowledge.
He then had to answer her self-chosen security question, which was where she met her husband. After several television interviews with Palin and her husband, the answer to that question also became public knowledge.
Palin was thrown into the public arena quite quickly, but even those of us who are not public figures may find that our passwords and answers to security questions can be easily guessed. Do you use the name of your spouse, child or pet, favorite sport, birthday or wedding date as your password? Have you entered security questions like place of birth or favorite color that are easy to guess?
Privacy as we knew it before the Internet is now a thing of the past. With the Internet, more of our lives are online than most of us realize.
Many people use blogging as a pastime and post information on MySpace, Facebook and other social networking Web sites. Once posted, all of that information is publicly known. And the Internet is archived, so even when you remove current information, previously posted information can still be found in Internet archives. That information can be used to guess passwords and access personal information.
So here are a few ground rules that may help keep your private information a little safer online:
- Use passwords that are not easy to guess and cannot be easily cracked. (Look for more on how to choose good passwords in next week's column.)
- Choose a security question for which others will not be able to guess the answer, or answer the security question with a response that you create, which is not necessarily the true answer.
- Use unique passwords, especially for important services and Web sites such as banking sites and e-mail.
- Keep your passwords private. Don't leave them on a sticky note on your computer screen or keep them in an unencrypted file on your computer.
- Change your passwords often.
- Do not change your password by clicking on a link in an e-mail from someone claiming to be a system administrator, bank representative or other seemingly reputable party. They may not be who they say they are. When you want to change your password, always type in the address yourself so you know you are at the real Web site rather than a bogus one.
- Use one credit card for all online purchases. This will limit your financial exposure.
- Keep your operating system updated.
- Use good anti-virus and anti-spyware programs.
- Consider using an encrypted password manager program.
Come back next week for the scoop on how to choose a good password.
Sandy Berger welcomes all of your questions and comments on today's column. Please post them on the Compu-Kiss Message Board at www.compukiss.com.