Change email passwords regularly

      2 Comments on Change email passwords regularly

Happy New Year!

Here’s a tip to start your year off right!  It’s also serving as a reminder which I will try to do more often for everyone via my Facebook, Twitter and Linked In pages.  It’s time to change your passwords for…well…everything probably.

OK, so there are two points to this article, one is your passwords should be at least fairly complex, depending on what it gives you access to.  The second part is, you should change your passwords regularly.  How often depends also on the level of importance to those types of files.

One thing that happened to a client of mine today that also recently happened to a friend has prompted me to write this article today. If you ever received an email from someone you know but it doesn’t sound like something they would send, that was probably not them and their account was hacked and you should get them to read this.  If you received emails or phone calls from people you know saying they received emails from you that doesn’t seem to have come from you, then your email account has probably been compromised.  Now I know this is only to do with email, but this article is about more than just emails.  It’s your Facebook, online banking, etc.  But because email is so common to get hacked, that’s how people get tricked into clicking on links in emails because most people are told, “Don’t click on a link in an email from someone you don’t know”.  Well, that’s good, but sometimes you shouldn’t click on links even when it is from someone you know.  Because it wasn’t really from them.  They were hacked.  OK, let’s move on.

The second part is short so lets’s address that first.

Change your passwords often

Something like online banking, you probably want to change the password every few months at least, if not every month which is not very realistic for anyone to do.  At least, if you suspect a problem that someone may have hacked your account, you can change your password at that time to stop the issue from continuing, and then report the issue to the bank, or whoever depending on your situation.  If you have just done something stupid, or think you’ve possibly compromised your account and it’s too late to undo your actions, no problem.  Just simply change your password immediately and you’re safe.

Something that goes hand in hand with passwords is security questions.  These are questions that an automated system will ask you for to reset your password if you forgot it.  This is another way in for hackers.  They can just click on the link saying “I forgot my password” and then they get a prompt saying “no problem, just tell us the name of your dog and we’ll tell you your password”.  Awesome!  Guess what happens next…

Let’s say I’m your neighbour, I’m hacking into your account, I know your email address, I know you have a dog and I know it’s name because I see you often outside yelling at it.  🙂  So, I punch in that name and bingo! I’m into your account, I know your password, and I can send and receive emails just like you.  Or if it’s your bank account, “cha ching!”  Moral of the story, in addition to not having simple passwords, you need to not have simple security questions.

How to choose a good password

The best way to explain this is to say what’s a bad password.  Don’t use dictionary words.  Go to www.dictionary.com and type in your password.  If it comes up, you could easily be hacked.  There are problems out there that will go through the entire dictionary and try all the words.  There are more advanced programs that will do more complex algorithms like adding a number at the beginning or end of your password.  That makes it easy to guess as well.  Assuming your password is hack, here’s a list of bad passwords.

hack
1hack
2hack
3hack
4hack
7hack
8hack
9hack
hack1
hack2
hack3
hack4
hack5
hack6
hack7
hack8
hack9

I think you get the idea based on my examples above what a bad password is.  A good password is one that meets us somewhere in the middle between an easy one and a very complex password.  Complex passwords are being required more and more.  Just today I helped a client change his email password and it was only 5 characters long and it said the minimum length is 6 characters.  Depending on the service you are using, they will force you to have a certain length of characters and sometimes enforce other characteristics of a good password.  I will list them for you.

  1. Minimum 6 characters long
  2. Minimum 1 numeric character (0-9)
  3. Minimum 1 alpha character (a-z or A-Z)
  4. Minimum 1 uppercase letter (A-Z) and 1 lowercase letter (a-z)
  5. Minimum 1 symbol (!@#$%^&*()-+=/?.,<>`~)

A good password would use 3 of the 5 above mentioned characteristics of a complex password.  An example would be if I used twinbytes but instead used tw1nbyte5.  This password was already more than 6  characters long, but was all lower case and had no other characteristics to it.  What I did to keep it easy for me to remember was I changed the i to a 1, and the ‘s’ is similar to a number 5 so I made it a ‘5’.  Now my password has at least 6 characters, numbers and letters.  That’s 3 of the 5 requirements for a really good complex password.  Now ofcourse I would never use that as a password because I just gave that out to everyone here, and because it’s still fairly easy to guess.  Let’s try….  How would you change the word ‘love’ to be more complex?  1ove.  We changed l to a 1.  That’s too easy, if you know what someone’s password is, just try changing any ‘l’ to a ‘1’ and ‘e’ to a ‘3’, letter ‘o’ to a number ‘0’, etc.  There’s a few possibilities that make it harder to guess, but at least it’s not a dictionary word by throwing a number into it, a program that automatically guesses passwords will have a harder time guessing that password.

So back to my example tw1nbyte5.  3 out of 5 requirements met.  How to make this harder would be simply adding symbol in there somewhere.  At the beginning or end makes it easier for you to remember, but putting it in a random spot makes it harder.  Also, making one or two letters uppercase.  Now all 5 requirements are met.  Using are same example would look like this: tw1nbyTe5*   Now we have the uppercase letter and a symbol.  To make it harder still, make another random letter uppercase, add another symbol and to really go crazy, make it a sentence like:

Tw1nByTe5re@11ykn0w5h0wt0M@k3AG0oDpA55worD

Incase you can’t decipher the above, I wrote: Twinbytes really knows how to make a good password.

Change your passwords now, change them often, and make them hard to guess.  Not hard for people to guess, but hard for computers to guess.

About Daniel Gauthier

work as a peace officer in various forms. Daniel wrote a book in 2009 called “Tech-Knowledgy” which got him on television and radio a few times. The concept behind the book was “to level the playing field between computer techs and non-techies so they don’t get take advantage of”.
Daniel has a couple certifications including MCP and A+; he is preparing to write the Network+ exam and has studied CEH (Certified Ethical Hacker) and CHFI (Computer Hacking Forensics Investigator). Daniel has run his own computer service business “TwinBytes” since 2004. He has done a few talks on cyber security and generally enjoys training, educating and helping others.

2 thoughts on “Change email passwords regularly

  1. Pingback: Password security | Tech-Knowledgy (Based on the book)

Comments are closed.