How to Devise Passwords That Drive Hackers Away
By NICOLE PERLROTH November 7, 2012
Not long after I began writing about cybersecurity, I became a paranoid caricature of my former self. It's hard to maintain peace of mind when hackers remind me every day, all day, just how easy it is to steal my personal data.
Within weeks, I set up unique, complex passwords for every Web site, enabled two-step authentication for my e-mail accounts, and even covered up my computer's Web camera with a piece of masking tape - a precaution that invited ridicule from friends and co-workers who suggested it was time to get my head checked.
But recent episodes offered vindication. I removed the webcam tape - after a friend convinced me that it was a little much - only to see its light turn green a few days later, suggesting someone was in my computer and watching. More recently, I received a text message from Google with the two-step verification code for my Gmail account. That's the string of numbers Google sends after you correctly enter the password to your Gmail account, and it serves as a second password. (Do sign up for it.) The only problem was that I was not trying to get into my Gmail account. I was nowhere near a computer. Apparently, somebody else was.
It is absurdly easy to get hacked. All it takes is clicking on one malicious link or attachment. Companies' computer systems are attacked every day by hackers looking for passwords to sell on auctionlike black market sites where a single password can fetch $20. Hackers regularly exploit tools like John the Ripper, a free password-cracking program that use lists of commonly used passwords from breached sites and can test millions of passwords per second.
..***** Moderator's Note ***** Bill Horne Moderator