Wednesday, 8 May 2013

Twitter hacking and password security

You may have noticed over the last month or so that a spate of high-profile Twitter accounts have been hacked, including Burger King, Justin Bieber, the fake Obama news story and the BBC Weather feed. Similarly, sites like LinkedIn and Evernote have recently been forced to reset users' passwords.

Some of these attacks have been blamed in certain circles on organised teams of Chinese cyber criminals, perhaps with official backing, to undermine these companies or to use their account information for their own ends. Some may have just been malicious/mischievous individuals doing it for fun.

Cyber crime, hacking, fraping, call it what you will: it is ultimately all the same. Whether you're a corporate multinational or it's your own personal feed, the problem is out there, albeit carried out for different purposes. Which brings us to the point of this post: security.

Yes, you have no real control over the servers or back-end code that manages your precious online data. You do, however, have one key area of control, and so many of us fail to make the most of it. That, dear reader, is your password. It's your only real means of exercising some input on the safety of your personal information.

I know most of us will never be targeted by teams of hackers crouched over their PCs, determined to crack our Facebook password to view our recent photo uploads, but that's not the point. All too often people use the same password across multiple sites. If someone gets it for one site, they suddenly have access to a lot more personal information, which could then be used in a more malicious manner.

Let's look at it from a different angle though. What if it's not some nasty covert organisation trying to mine all your details, but perhaps a not-so-close friend or acquaintance? Someone from your office who has slightly too keen an interest in you or an underlying dislike of you, someone you have recently blocked, or an ex-friend or ex-partner of one of your close friends. These people could either want to dig into your profile to find out more about you, or perhaps use your profile to browse another person's profile.

So I ask you, how secure are your passwords?

Can they be guessed by people who know a bit about you, such as your pet's name or favourite food or band? Is it just your name or, worse still, the word 'password'? In the case of the Burger King Twitter hack, their password was allegedly 'Whopper1'. Quite often the not-so-close acquaintances we mentioned might try a few guesses like these to see if they can log onto your webmail or Facebook, just for the sake of it.

A good piece on password security and the logic behind it was recently posted on the PC-Pro website. It does get a bit techy with some of the background info but it's well worth a look. This American blog has a good overall view on password strategy too and is worth a quick look.

I guess the basics are:

  • Don't use a common password such as 'password' or '12345'.
  • Use letters and numbers, and upper and lower case, to make it more complex.
  • Don't use one password for all your accounts.
  • Keep your contact details up to date in case you need to reset your passwords.
  • Remember it doesn't have to be a password; a phrase is better.

For example, your password could be: 'ferrari'
Let's make it a bit longer: 'fast ferrari'
Then change the case: 'Fast Ferrari'
Next, swap some letters for numbers: 'F45t F3rr4r1'

Lastly, we can add some special characters. You could swap an 'a' with a '@', however I recommend avoiding that: different keyboard mappings can mean you don't always get the '@' character, and as passwords usually don't show as you type, you may never realise it is appearing as something else.

And there you have it: 'F45t_F3rr4r1!'  

It's still something easily memorable, as you think about the phrase and then substitute the characters as you type. This is by no means a super secure password, but it is a lot stronger than the initial one. You can check your password here and get a quick indication of how long it would take to crack, with a nice colour coding of the page as you type going from weak to very secure.
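The basics listed above can also be checked locally rather than on a website. The following is an added example, not part of the original post: the names `COMMON`, `variants` and `check_password`, the tiny sample list of common passwords and the extra 0-for-o swap are all assumptions made for illustration.

```python
import re

# Constructed sample; a real check would load a far larger list of known-common passwords.
COMMON = {"password", "12345", "123456", "qwerty", "letmein"}

# Undo the digit-for-letter swaps used in the walkthrough (4=a, 5=s, 3=e, 1=i);
# 0=o is an extra swap assumed here.
LEET = str.maketrans("45310", "aseio")


def variants(pw):
    """Simplified forms of pw: lower-cased, letters only, and with digit swaps undone."""
    low = pw.lower()
    return {low,
            re.sub(r"[^a-z]", "", low),
            re.sub(r"[^a-z]", "", low.translate(LEET))}


def check_password(pw, personal_words=()):
    """Return the list of basics (from the post's bullet list) that pw fails."""
    problems = []
    forms = variants(pw)
    if forms & COMMON:
        problems.append("common password")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("no mix of upper and lower case")
    if not re.search(r"\d", pw):
        problems.append("no numbers")
    # A phrase has at least two runs of letters/digits separated by something else.
    if len(re.findall(r"[A-Za-z0-9]+", pw)) < 2:
        problems.append("single word, not a phrase")
    # Pet names, bands, brand names: anything an acquaintance could guess.
    for word in personal_words:
        if len(word) >= 3 and any(word.lower() in form for form in forms):
            problems.append(f"built on a guessable word: {word}")
    return problems


if __name__ == "__main__":
    for stage in ["ferrari", "fast ferrari", "Fast Ferrari", "F45t F3rr4r1", "F45t_F3rr4r1!"]:
        print(f"{stage!r:18} {check_password(stage) or 'passes the basics'}")
    print("'Whopper1'", check_password("Whopper1", personal_words=["Whopper"]))
```

Because the digit swaps are undone before comparing, a password still counts as built on a guessable word when that word is hidden behind substitutions, so pass in the names and interests that people around you would know.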

Be safe, be secure and then relax knowing that the only people looking at your information online are those you want to see it.
