Tue, 2011-10-18 17:25 by admin

By James Fallows

Read the complete article at the Atlantic

On April 13 of this year, a Wednesday, my wife got up later than usual and didn’t check her e‑mail until around 8:30 a.m. The previous night, she had put her computer to “sleep,” rather than shutting it down. When she opened it that morning to the Gmail account that had been her main communications center for more than six years, it seemed to be responding very slowly and jerkily. She hadn’t fully restarted the computer in several days, and thought that was the problem. So she closed all programs, rebooted the machine, and went off to make coffee and have some breakfast.

When she came back to her desk, half an hour later, she couldn’t log into Gmail at all. By that time, I was up and looking at e‑mail, and we both quickly saw what the real problem was. In my inbox I found a message purporting to be from her, followed by a quickly proliferating stream of concerned responses from friends and acquaintances, all about the fact that she had been “mugged in Madrid.” The account had seemed sluggish earlier that morning because my wife had tried to use it at just the moment a hacker was taking it over and changing its settings—including the password, so that she couldn’t log in again. The bogus message that had just gone out to me and everyone else in her Gmail contact list was this: …

Tue, 2011-12-20 20:43 by TrackerJack

Just the kick in the butt I needed to implement stronger, different, more diverse passwords for my accounts. Already do the multiple backup routine. Thanks!

KeePass and password hints

Wed, 2011-12-21 09:06 by admin

I just installed KeePass 1 on my computer and on my Android phone. Version 1 is compatible between the two, so I can just copy the database file to and fro. KeePass 2 on the computer would require database import and export, also doable, but just a tad more awkward.

KeePass is one of several password managers around. It may not be the very best or most convenient one, but it is open-source, and I consider that a prerequisite for any high-security software. It is still pretty good to use.

(No, I don't get any money for this blatant plug. I just tell my story. :-)

Anyway, now I can handle all the different and difficult-to-remember passwords.

Password rules are to avoid all character sequences that can be guessed, for example with the help of a dictionary. Also avoid all other popular sequences like 123, abc, asdf, dadada, whatever some clever hacking software could guess.

Use at least 8 characters with upper and lower case letters, digits, and special characters. If you use only lower case letters, you have to take more, like 12 to 15, to achieve the same difficulty level.

If some computer system wants you to enter a backup question, make sure that its answer is not easier to find or guess than the actual password.
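
The length and character-class trade-off in the comment above can be checked numerically, together with the guessable patterns it lists (123, abc, asdf, dadada). The following is an added example, not part of the original comment or of KeePass; the word list, keyboard rows and function names are constructed for illustration.

```python
import math
import re
import string

# Constructed stand-ins: a real check would load a large wordlist instead.
SAMPLE_WORDS = ("password", "letmein", "welcome", "madrid")
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)  # 26 + 26 + 10 + 32 = 94


def alphabet_size(password):
    """Size of the ASCII character pool implied by the classes actually used."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def brute_force_bits(password):
    """Upper bound on guessing cost in bits; only holds for random passwords."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def equivalent_length(length, alphabet, other_alphabet):
    """Shortest length over other_alphabet whose search space >= alphabet**length."""
    target, n = alphabet ** length, 0
    while other_alphabet ** n < target:  # exact integer comparison, no rounding
        n += 1
    return n


def guessable_patterns(password):
    """Return sorted labels for the guessable structures found in the password."""
    low, found = password.lower(), set()
    for i in range(len(low) - 2):
        tri = low[i:i + 3]
        a, b, c = map(ord, tri)
        if tri.isalnum() and b - a == c - b and abs(b - a) == 1:
            found.add("sequence")          # abc, 123, cba
    for i in range(len(low) - 3):
        quad = low[i:i + 4]
        if any(quad in row or quad in row[::-1] for row in KEYBOARD_ROWS):
            found.add("keyboard")          # asdf, qwer
    if re.search(r"(.{1,3})\1{2,}", low):
        found.add("repeat")                # dadada, aaa
    if any(word in low for word in SAMPLE_WORDS):
        found.add("dictionary")
    return sorted(found)
```

`equivalent_length(8, 94, 26)` returns 12, the lower end of the 12 to 15 range given for lower-case-only passwords. Any label returned by `guessable_patterns` means the brute-force figure overstates the real guessing cost.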
