Getting hacked is a common experience

Mike Dang  |  03:56 PM, Friday, October 28, 2011

If you're like me, you have more than 10 username and passwords to keep track of — e-mail accounts, online banking accounts, social media accounts, and more. And like most people, you probably reuse your usernames and passwords across multiple accounts because it's difficult to remember so many passwords. That's a mistake.

Facebook recently announced that less than a tenth of a percent of its one billion logins — 0.06 percent — are compromised on a daily basis. Techcrunch points out that 0.06 percent of a billion is actually 600,000 Facebook accounts that are compromised on a daily basis, which is actually a large number. Hackers often use these accounts to get access to more identifying information from friends and family members ("Honey, I forgot our bank account number, can you send it to me?") or for e-mail scams ("Help! I just got mugged while traveling abroad, can you wire me money so I can get home?")

In a recent 8,000-word piece for The Atlantic, writer James Fallows spoke with Byrant Gehring from Gmail's consumer-operations team after Fallows discovered that his wife's e-mail had been hacked and used for a scam. Gehring told him that Gmail "hijackings" occurred in the "low thousands" on a daily basis, which gave Fallows some concern. "Why are so many accounts so vulnerable," Fallows wondered.

It's precisely because we use the same username and passwords across our multiple accounts that makes us so vulnerable, and sometimes that means the same username and password that we use for online banking is being used to login to comment on news sites. For example, last December, The New York Times reported that Gawker Media announced that hackers had accessed its database and compromised 1.3 million username and passwords:

What’s more disturbing is that, by gaining access to people’s Gawker password, hackers may then have access to other accounts that use the same e-mail/password combination. That could mean bank accounts, e-mail, etc.

The easiest way to protect yourself from hackers is to have different passwords for all of your online accounts, but at the very least choose a long, complicated password that hackers will have difficulty deciphering. Here's Fallows:

Choose a long, familiar-to-you sequence of ordinary words, with spaces between them as in an ordinary sentence, which more and more sites now allow. “Lake Winnebago is deep and chilly,” for instance. Or “my favorite packer is not brett favre.” You could remember a phrase like that, but a hacker’s computer, which couldn’t tell spaces from characters, would see only one forbiddingly long password sequence.



• Choose a shorter sequence of words that are not “real” English words. I once lived in a Ghanaian village called Assin Fosu. I can remember its name easily, but it would be hard to guess. Even harder if I added numbers or characters.



• Choose a truly obscure, gibberish password—“V*!amYEg5M5!3R” is one I generated just now with the LastPass system, and you’re welcome to it—and then find a way to store it. Having it written down in your wallet is one, though the paper it’s on shouldn’t say “Passwords” at the top. The approach I prefer, and use for some passwords, is to entrust them to online managers like LastPass or RoboForm. Even if their corporate sites were hacked, that wouldn’t reveal all your passwords, since the programs work by storing part of the encoding information in the cloud and part on your own machine.

At a minimum, any step up from “password,” “123456,” or your own birthday is worthwhile.