By now, I’m sure you’ve all heard about the Twitter hack that compromised the feeds of several high-profile accounts, including Barack Obama and Britney Spears. What makes it especially difficult to spare Twitter’s blushes is that the hack originated in a brute-force attack on the account of an administrator.
GMZ, the teenage hacker claiming responsibility for the attack, guessed the username of one of Twitter’s administrators and then simply ran a program that tried one word after another from a dictionary until the correct password was found: it was “happiness.” Not so happy now, I’d wager.
According to the folk at What’s my Pass, the top ten most common passwords are:
I mean, really, people! Back in 1993 I was having it drummed into me not to choose any obvious words or names of family members as a password, and some of you are still doing this? If I were a less generous person, I’d say that setting a password with something that simple is virtually asking to be compromised. A dictionary attack is the oldest, crudest trick in the book, and it keeps working for exactly that reason: as long as someone picks a word that appears in a wordlist, the attacker never needs anything cleverer, and a site that lets them try thousands of guesses unchallenged does the rest.
Your password should be a mixture of numbers, letters, and – if possible – symbols. The longer it is, the better: aim for 13 characters, in a jumble that makes no sense whatsoever. A dictionary attack costs the attacker only as many guesses as there are words in the list, so the nine letters of “happiness” bought its owner nothing; a random 13-character string appears in no wordlist and has far too many possible values to enumerate. Yes, it will be a pain to memorise, but it won’t fall to a brute-force hack. You’ll be even less thrilled when I tell you that you should change it frequently: fortnightly for critical websites, monthly for sites you’re not worried about. Bear in mind that rotation does nothing for a password that can be guessed in the first place; it is the strength of the password itself that keeps it out of reach. It may seem overly paranoid, but you have to ask yourself: what price would you put on your personal data?
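To make the two points above concrete (how cheaply a dictionary attack recovers a password like “happiness”, and why a random 13-character string is out of reach), here is an added example that is not from the original post and not Twitter’s code. It builds a toy login service with a hypothetical lockout policy (`max_attempts`, an assumption of mine), replays the wordlist attack against it, and estimates the search space of a password from the character classes it uses. The wordlist is constructed for the example.

```python
import hashlib
import hmac
import math
import secrets
import string

# Constructed wordlist standing in for the dictionary an attack tool would load.
# "happiness" is the password the post says the administrator account used.
WORDLIST = [
    "123456", "password", "qwerty", "letmein", "monkey", "football",
    "sunshine", "dragon", "princess", "happiness", "welcome", "shadow",
]


class LoginService:
    """Toy login endpoint (hypothetical). Stores a salted PBKDF2 hash and,
    when max_attempts is set, locks an account after that many consecutive
    failures, which is the server-side control a dictionary attack relies on
    being absent."""

    def __init__(self, max_attempts=None):
        self.max_attempts = max_attempts
        self.users = {}      # username -> (salt, derived key)
        self.failures = {}   # username -> consecutive failed logins

    @staticmethod
    def _hash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash(salt, password))

    def login(self, username, password):
        """True on success, False on a wrong password, PermissionError once
        the account is locked."""
        if self.max_attempts and self.failures.get(username, 0) >= self.max_attempts:
            raise PermissionError(f"{username} is locked out")
        salt, stored = self.users[username]
        if hmac.compare_digest(stored, self._hash(salt, password)):
            self.failures[username] = 0
            return True
        self.failures[username] = self.failures.get(username, 0) + 1
        return False


def dictionary_attack(service, username, wordlist):
    """Replay the attack described in the post: with the username known, try
    every word in the list. Returns (password, guesses) on success, or
    (None, guesses) if the list runs out or the account locks first."""
    for guesses, candidate in enumerate(wordlist, start=1):
        try:
            if service.login(username, candidate):
                return candidate, guesses
        except PermissionError:
            return None, guesses
    return None, len(wordlist)


def guess_space(password):
    """Upper bound on guesses for exhaustive search: the size of the union of
    the character classes the password uses, raised to its length. For a
    dictionary word this bound is meaningless; its real cost is its position
    in the attacker's wordlist."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return alphabet ** len(password)


def years_to_exhaust(password, guesses_per_second):
    """Wall-clock years to try every string in guess_space at the given rate."""
    return guess_space(password) / guesses_per_second / (365 * 24 * 3600)


def random_password(length=13):
    """The 13-character jumble the post recommends: letters, digits, symbols,
    drawn from a CSPRNG so it appears in no wordlist."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    open_site = LoginService()                  # no lockout, as the attack assumes
    open_site.register("admin", "happiness")
    print("no lockout:", dictionary_attack(open_site, "admin", WORDLIST))

    guarded = LoginService(max_attempts=5)      # hypothetical lockout policy
    guarded.register("admin", "happiness")
    print("lockout after 5:", dictionary_attack(guarded, "admin", WORDLIST))

    strong = random_password(13)
    print("bound for 'happiness':", f"{guess_space('happiness'):.2e}")
    print("bound for 13 random chars:", f"{guess_space(strong):.2e}",
          f"({years_to_exhaust(strong, 1e9):.0f} years at 1e9 guesses/s)")
```

The first run finds “happiness” on the tenth guess because it is the tenth word in the list; the second stops after six attempts because the account locks, regardless of how weak the password is. The search-space figures show the other half of the argument: even an offline attacker with a billion guesses per second would need centuries for a random 13-character password, while a dictionary word’s nominal search space never comes into play because it is simply looked up.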
[Image by Simon Lieschke]