Today I received another "I'm stuck in London so wire me some money." email scams from a friend. Some miscreant on the other side of the world has gained access to her email account and is using it to try to steal money. This is relatively common today. Wether from a security breach that happened to Yahoo! in July or through other password cracking techniques, many thousands of Yahoo! email accounts have recently been hacked and are being used to send advertisements and scam emails.
So what should you do?
Yahoo! seems to have this problem more than any other email service. One of their hacked databases was actually storing passwords in plain text rather than in an encrypted format. This was a huge blunder on their part. Even our own home grown customer database at Preactive IT Solutions encrypts user passwords before storing them and we only have 7 users. If you need to have a free email account, I would move to GMail. Their SPAM filtering is better anyway.
No Easy Passwords:
Do not use your spouse's name or your birth date for your password. This should go without saying, but don't use password, welcome or other simple favorites. Make your password at least 7 characters long. Longer is better. Also have upper-case and lower-case letters, numbers and even some special characters in it (Example: str0ngPa$$w3rd!). The more you mix it up and the longer it is, the harder it is for a computer to crack it.
Do No Mix Passwords:
Do not make your online banking password the same as your facebook password. Use a different one for each account. This way if one account is hacked, the others are not compromised.
Keep Passwords Safe:
Do not write passwords on sticky notes and leave them under your keyboard. If you use many different passwords, you may be tempted to record them in a file on your computer. Do not do this. There are many computer viruses that scan computers looking for passwords. If you must have a reference then do not write the password, but rather the first letter or some indication that will help you remember it. If you tell your browser or other program to remember passwords, then put a password on that computer. Especially if it is a mobile device. Imagine leaving your phone at a restaurant and the next person to pick it up has access to your email, your dropbox and other online services. For mobile devices, you can install applications that will allow you to wipe the device clean from a web site in the event the device is lost or stolen.
Password safety is really common sense. Make your passwords complex, do not use the same password for everything and keep your passwords safe.
Know someone with business or home computing issues? Do them a favor and send them to Preactive IT Solutions!