Would this be a good time for me to pipe up with my favorite methods for coming up with memeorable strong passworeds? Yes? Alrighty then...
Take a phrase you know well and are unlikely to forget; a quotation or lyric is often good. Let us take something from George Orwell:
Four legs good, two legs bad!
Now all we have to do is take the first letters:
Flgtlb
Flor extra strength, we can keep the punctuation ad us numeral where appropriate:
4lg,2lb!
You can use other rebus type techniques to get an approriately strong yet memorable password. One I used for a while was the opening of The Rime of the Ancient Mariner:
it is an anicient mariner,
And he stoppeth one of three.
which became:
IiaAM,&hs1/3.
Lets see a dictionary attack break that one... not that I can use it any more having shared it, but you see the point.
Yes, that's more or less exactly what I was trying to describe in the post above yours.
I just want to report, that it has been 17 days since it happened, it has NOT happened again, so far, keep my fingers cross.
I deleted ALL my contacts from yahoo.com right away, 17 days ago, when happened. exported the contacts into a file, virus checked the file and imported into another email account, and absorbed the loss and moved into a different account. It took me 1 evening and 1 morning to take care of it, so far so good. I am now using the new email account and slowly phase out the old account. So far, there is no more trouble... keep my fingers cross,
I just managed to reset my Yahoo password, knowing only my username, date of birth, country, zip code, and my father's middle name. No hacking necessary. If I can do it, someone else can do it too.
All of that is stuff that can be easily obtained by someone who knows me.
I'd recommend using some safer solution for e-mail. (I don't use Yahoo for mail myself, but Flickr requires a Yahoo ID). Or answering wrong to those stupid "safety" questions (in a way you can remember).
Also, your username and password probably have been compromised by something much more common than WiFi eavesdropping. Maybe your PC has a keylogger trojan. Or some other place you've been accessing your mailbox at.
Or maybe you've typed your username and password to a website after clicking a link in e-mail you just received. And that happened to be a phishing site. (Almost happened to me once, with some very authentic looking FB notification. I only noticed the trick, wrong URL on the address bar, because the e-mail field was pre-filled with some strange address.)
Unfortunately, https won't protect any of the above.
I just managed to reset my Yahoo password, knowing only my username, date of birth, country, zip code, and my father's middle name. No hacking necessary. If I can do it, someone else can do it too.
All of that is stuff that can be easily obtained by someone who knows me.
I'd recommend using some safer solution for e-mail. (I don't use Yahoo for mail myself, but Flickr requires a Yahoo ID). Or answering wrong to those stupid "safety" questions (in a way you can remember).
Also, your username and password probably have been compromised by something much more common than WiFi eavesdropping. Maybe your PC has a keylogger trojan. Or some other place you've been accessing your mailbox at.
Or maybe you've typed your username and password to a website after clicking a link in e-mail you just received. And that happened to be a phishing site. (Almost happened to me once, with some very authentic looking FB notification. I only noticed the trick, wrong URL on the address bar, because the e-mail field was pre-filled with some strange address.)
Unfortunately, https won't protect any of the above.
Unfortunately, I don't remember my father's middle name
A Swiss security company called Objectif Sécurité has created a cracking technology that uses rainbow tables on SSD drives.
Apparently it is the hard drive access time and not the processor speed that slows down cracking speed. So using SSD drives can make cracking faster, but just how fast?
One article in March of this year stated that the technique using SSD drives could crack passwords at a rate of 300 billion passwords a second, and could decode complex password in under 5.3 seconds.
Well, I'm waiting for the fingerprint scanner instead of password. I know they exist -- I've even worked where I had to use one whenever entering or leaving. But they aren't really widespread yet.
And for further security, companies can do full body scans and scan different body parts at random. ("Enter your knee below the flashing light.") I read in I think Slashdot the other days that ears were good...
Quick reply...
Keep computer clean of malware.
Don't use insecure Wi-Fi while entering a password.
Don't open attachments.
Forward all received spam to spam@uce.gov (I'm not sure I remember it correctly).
Disable Flash.
Use different but memorable passwords.
For instance:
on newscientist.com you have no special private information, in the worst case subscriptions can be changed. So I use: NewScientist.
Can be cracked, but it's of no use to the cracker, because I don't give any private information to this account.
I hope that possibility to see IPs of all sessions using the account and switch off all of them (with inputting password and image captcha and audio captcha) will become standard. Video captcha isn't much different from image captcha, but audio captcha IS, especially if you choose unusual language in your settings (this setting reading/writing should be guarded by audio captcha, too, so that the cracker couldn't know the language and its pronunciation).
