Mellow weekend, two movies and a book! »

You must change your password!

By: Qwaider

On:Sunday, March 11, 2007 5:16:57 PM
In:Thoughts
Viewed: (5535) times

Currently 4.4/5 Stars.
1
2
3
4
5

Rated 4.4/5 stars (178 votes cast)

The recent events that happened to Izzi's blog. Where her account was hacked and her blog got deleted. Some have speculated that there was a zionist plan to get this done, I personally can't remove Izzi herself from the blame list. And I can't stress enough to you people the need to have secure passwords. And to have a policy concerning your passwords.

We all struggle with passwords. I'm sure everyone has a bunch of them and memorizing all of these is ... well very difficult once the number of passwords get more than 5

So what do people do? They just use the same password for everything. From their bank accounts to their email and blogs. And this proves to be a grave mistake as in the case of Izzi

Password Guidelines:

The passwords need to be strong, containing Letters, numbers and special letters (like ,.-!@#$%^&*())... etc If possible (many services do not allow such complex passwords, so at least letters and numbers), capital an small letters
The passwords, must be something easy for you to remember and difficult for others to guess, stay away from your name, family member names, your pet names, date of birth ..etc
The passwords shouldn't be too short, anything less than 15 letters can be brute forced (try all combinations) in less than 30 minutes. (I don't want to alarming here, but consider longer passwords always) For most of the online services, mail, blog ... etc nothing less than 6 letters
Do not share your password with anyone. If you were forced to share it for some event or another. Make sure you change it right after it's done.
Keep a separate different password for each account you have.

I do realize that maintaining a separate password for each account might be difficult thing to do, therefore, I think It's time for some password policies

If you don't want to memorise passwords for everything, organize them in tiers. a) Most secure, b) secure, and c) I don't care

In the most secure category. You try to maintain a list of very secure passwords, that you would NEVER give to anyone (example, work password, bank account password, and your primary email account password)
The Secure passwords, are for your blog, regular email accounts, lock and unlock your PC ... etc. Things that need to be secure, but not necessarily ultra secure
And finally, the "I don't care" list. And this one includes (and read carefully) Forum accounts, online services accounts and secondary email accounts

Be EXTRA careful from anything online that's not a reputable software company. ESPECIALLY forums. Forum admins and Database administrators have access to user passwords, and to ALL their private Email!
Don't share or give your password to anyone who asks for it by mail
Don't EVER send passwords it by email
If you get emails in your email account asking you to confirm your password. DO NOT RESPOND. Instead, go to the website directly and do your work on it directly. (In other words, be careful of Phishing)
If you know, or even remotely suspect that your account might have been hacked, CHANGE YOUR PASSWORD IMMIDIATELY! In fact, when in doubt, change your password

Finally, there's no policy better than using common sense! You have a brain, use it!

Other Memories Documented on March 11

#B4JO: Live coverage, right here..
by: Qwaider.
In: 2010
Viewed: (5271) times

Supporting: World Day Against Cyber Censorship..
by: Qwaider.
In: 2010
Viewed: (4293) times

Blog for Jordan day, on the first page of Ammon - #B4JO..
by: Qwaider.
In: 2010
Viewed: (4636) times

BAJD: Follow up on the EVENT Live, right here..
by: Qwaider.
In: 2009
Viewed: (9461) times

"Blog about Jordan day" in the news!..
by: Qwaider.
In: 2008
Viewed: (6565) times

« Chemistry

Mellow weekend, two movies and a book! »

Memories....

#1
Duried
Said
On: 3/11/2007 7:10:57 PM

I can't agree with you more but I think that Izzi's blog and email accounts got hacked into in a different way. She does has different passwords for different account but what the hackers did was send her a file that can download it self into her PC and open a window that will give the hacker full access to her PC. Meaniningm everytime Izzi tried to log into her email account, blog, etc, someone was watching and recorded every single key stroke.\

So here's a nother lesson for everyone that should already be common knowledge: Never, Never, open attachements from untrusted sources and always scan any attachments recieved with an up to date anti virus and anti spy software!

#2
laila
Said
On: 3/11/2007 7:21:42 PM

EEK!

Just changed my PW, was a trivial one before!

#3
Maioush
Said
On: 3/11/2007 10:05:52 PM

I can relate to that, I lost 2 emails in my life because of the password thing, I was lucky and I was able to get one of them back, but the other one is just gone… (well. That was 8 years ago though, that doesn’t happen any more thank god).
I totally agree with you, if those guidelines were followed; I guess hackers will never get in to your accounts and PC’s.. Thanks Q… very useful post :)

#4
M Kilany
Said
On: 3/11/2007 10:28:08 PM

Excellent post... It felt like school at 6th Grade with a really tough teacher... ;)

#5
Palestinian Pride
Said
On: 3/12/2007 1:29:42 AM

Am sorry bas ur guidelines befedosh bshelen law 7da ba3atlak spyware :s .. aham she lazem ykon 3ndk anti virus updated .. l2no el spyware bejeblak el password sho ma kanat 7ta law kanat kolha !@#$#@!@# .

#6
Qabbani
Said
On: 3/12/2007 2:09:25 AM

LOOOOOL

if ppl keep save there PW on the Pc , it can be hacked in way or other , alot Do and save there password to make it easy to access , specially messengers ..

ist simple rule

Man make it man Crack it ..

#7
Qwaider
Said
On: 3/12/2007 2:15:15 AM

Duraid,
That's a good point, You must ABSOLUTELY NOT open ANY Attachment that you get in the mail, it doesn't matter if you know the person or not(because they themselves might have been compromised). It doesn't matter if you have an Anti-virus or not(because it might be a new kind of spyware, not previously known)
I would categorize this as "Pilot error" or the user got "fooled" into Installing spyware, that did all of that

Laila:
Good thing, I'm glad I reminded you to do this

Maioush:
Thanks, but we should really be skeptic as well, as I said, the rule is, when in doubt, change the password (and I might add also, FROM A CLEAN MACHINE)

Kilany:
:) LOL someone needs to squeeze your ear :)

Palistinian Pride:
I'm sorry but that's a WHOLE other problem on it's own. Password policy is not related to your system security policy. Getting fooled into running spyware, or through Phishing is the user's fault. So is weak passwords. Each one of these is considered an attack "victor" and they should ALL be addressed.
An Anti-virus, Anti-Spyware, Anti-Malware is ESSENTIAL to have on ANY PC you've got. In addition to that, a good strong password

By the way, if you noticed, I was talking about "Brute Force" attacks, and not user error

#8
Verbal Alchemy
Said
On: 3/12/2007 8:55:51 AM

Duried, very valid point, it happened with a relative as well. i never open any anonymous emails, and i reckon noone shud, even if the name sounds a bit familiar dont open any attachment unless ur very positive its someone u know.

i agree Q, one shud change their passwords frequently and have them in codes, like initials and numbers that mean something to them or a combination of characters and letters. it shud do the trick. but then again, technology (in addition to evil minds) has its sharp fangs that bite us even when we r too careful.

Bless u all!

#9
Qwaider
Said
On: 3/12/2007 11:08:07 AM

Verbal Alchemy, Even people you know might have compromised machines that is resending a virus on behalf of the person you know. And they're not even aware of the infection.

As a good rule, NEVER open attachments from ANYONE!