Email Password Stealing Bastards!

[theGinsue]

15 years Computer Security exerience
CompTia Security + certified
More training in creating/applying the proper pssword strategies than you'd think anyone should ever have to go through

I still had my main eMail password @ just 7 digits (I did employ the other techniques though - except changing it regularly) - got hacked lass September. Changed it right away. Verified noone was forwarding from my account and apparently caught it before anything was sent from the account. Still sucks. Took me 5 months to finally stop typig that old password first when logging in.

I feel for you.

Now, I'm using the whole 14 character minimum, 2 upercase characters, 2 lowercase characters, 2 numerics and 2 special characters - minimum and changing often (not every 60 days like I should though).

Ticks me off that I have to go through such a hassle because someone feels entitled to stealing what I've earned. (the respect of my Contacts among this)

[Hoosier]

eMail password @ just 7 digits (I did employ the other techniques though - except changing it regularly) - got hacked

Did you use the password anywhere else, or did they have to brute force it?

Am I the only one using Gmail two factor? It should pretty reliably prevent the Chinese attack that many people are getting hacked from.

H.

[Byte Stryke]

64 Character passwords using the Swahili and Russian Alphabet paired with 256 bit encryption.

[blacklabel]

Am I the only one using Gmail two factor?

I use it and love it. Definitely one of the smartest things that Google has done.

I also don't have any passwords that are duplicated. Everything is unique and as random as possible.

[Zundfolge]

I've been using this password generator to create passwords that are unique and random looking but that I can easily replicate if I forget them (I also saved a copy of that page locally just in case it ever disappears from the net).

Basically you use a master password that is easy for you to remember, then you input the URL of the site (like www.co-ar15.com for example) and it generates a funky random looking password for you to use for that site. Since it uses a consistent algorithm to create the passwords, when you forget your password (because you will) you can go back to that site and re-enter your master password and url and there's the password you forgot.


Another option for password security is this thing.

[streetglideok]

My old aol account that I only use for facebook was hacked. I recieved a spam email from it to my yahoo account this am. Ugh. Had to go in and do some cleaning of my contacts and change my password.

[Zundfolge]

Some of you kids may be using LastPass, but since they store your passwords on THEIR servers (and their severs may have been hacked recently) I wouldn't recommend them.

However a similar type program is KeePass (which is available for most platforms).

There was a good article on this subject on Lifehacker today.

[CrufflerSteve]

Be careful with gmail. I currently use that for all my accounts but I'm wondering about backup accounts with other providers. Also about backing upmy data. Some of the hacking victims have been reporting losing all their email & contacts and it turns out google isn't that great at storing it for the free people. People with commercial accounts with them have better recovery.

Steve