Recently a Facebook friend posted about password security, and even more recently, friends of mine have had their Facebook and email accounts hacked.
There is loads of good advice out there on how to prevent this, but my favourite is Lifehacker’s How I’d Hack Your Weak Passwords. It has my usual advice about using passphrases that incorporate capitals, numbers and symbols. My standard example is killing time, which could become “k!ll1ngtim3″.
Of particular interest from this article is information about how long it takes hackers to get your password with brute force. This obviously depends on the computers they are using, but check this out:
Read the full article over at Lifehacker for more detailed information.
What amazes me is how many people think that this doesn’t apply to them.
We have an intern working with us at the moment. He’s about 19 years old. I asked him about his passwords and he said “Why would anyone want to hack my email and Facebook?”. I guess when looked at from his perspective where he doesn’t have much, and he doesn’t hold many secrets, then this would be seen as a not an important thing.
So to answer his question, “why would anyone want to?” I put together the following list:
- Identity theft – not to steal your assets or email, but to set up a new identity under a name that is not theirs. They can then theoretically use your driver’s licence and speed or drive while drunk, or use your bank account to launder money. Then they can disappear into a new identity and leave you ‘holding the baby’ (or facing possibly criminal charges).
- To threaten or intimidate – unsavoury characters could force you to do things under threat that they will broadcast embarrassing information about you, or threaten people that you know. This sounds very TV-drama, however such a threat can be enough for someone to be coerced into depositing money or passing information from one person to another.
- To scam – a friend of mine recently had his email hacked, and an email was sent out saying that he was stranded in London, and had his passport and wallet stolen, and needed money deposited into his “friend’s” bank account.
So while you may not personally have anything that you think is worth stealing, sometimes your identity is enough.