Yes, it could happen to you


The hacked Yahoo account of Republican vice presidential candidate Alaska Gov. Sarah Palin topped tech news for a week and I’m certain we’ve not heard the last of it. The story has stirred talk of online security, lurking knots of curious crackers (“criminal hackers” — not all hackers fit that description, you know) and the wisdom of using personal accounts for nonpersonal purposes.

Aside from the political implications of this event, the questions that should be foremost in your mind are simple: Could it happen to me? Could my online accounts be compromised? Could I wake up one morning to discover that someone has posted the contents of my Inbox out onto the wild, wild Web?

The answers are Yes, Yes and Yes, it could absolutely happen to you. The good news, though, is that this event would have been simple to prevent. This week, let’s talk about your password (but not out loud where someone could hear).

Choosing a password

The most common mistake a computer user makes is to create a password that is too simple. Is your password a word I could look up in a dictionary? If so, it’s not so much a password as a speed bump. Software and scripts are readily available to try every word in the dictionary to see if it matches your password. For passwords, using dictionary words is a bad idea.

Your password should never be your own name, or the name of a family member, a pet or a friend. Crackers love getting to know you better and use those names against you.

Passwords shouldn’t use the numbers in your birthday, or your Social Security number, your telephone number, your street address, or other numbers that could easily be discovered.
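The three rules above (no dictionary words, no names of people or pets close to you, no discoverable personal numbers) can be checked when a password is chosen. The Python below is an added example, not part of the original article; the word list, the profile data and the function names are constructed for illustration, and it checks only these three rules.

```python
import re

# Constructed sample data: a tiny stand-in for a real dictionary file and for
# the personal details an account owner would know about themselves.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "monkey", "baseball"}
SAMPLE_PROFILE = {
    "names": ["Kevin", "Rex", "Maria"],                        # self, pet, family
    "numbers": ["1975-04-12", "806-555-0142", "1420 Elm St"],  # birthday, phone, address
}

def digit_runs(value, min_len=4):
    """Return every run of min_len or more consecutive digits in a personal number."""
    digits = re.sub(r"\D", "", value)            # "1975-04-12" -> "19750412"
    return {digits[i:j]
            for i in range(len(digits))
            for j in range(i + min_len, len(digits) + 1)}

def screen_password(password, words=SAMPLE_WORDS, profile=SAMPLE_PROFILE):
    """Return the reasons a password breaks the rules above.

    An empty list means no rule was broken, not that the password is strong.
    """
    reasons = []
    lowered = password.lower()
    letters = re.sub(r"[^a-z]", "", lowered)     # "Dragon1!" -> "dragon"

    # Rule 1: a dictionary word, even with digits or symbols tacked on.
    if lowered in words or letters in words:
        reasons.append("dictionary word")

    # Rule 2: the name of the user, a family member, a pet or a friend.
    for name in profile["names"]:
        if name.lower() in lowered:
            reasons.append(f"contains name: {name}")

    # Rule 3: digits taken from a birthday, phone number or street address.
    pw_digits = re.sub(r"\D", "", password)
    for number in profile["numbers"]:
        if any(run in pw_digits for run in digit_runs(number)):
            reasons.append(f"contains digits from: {number}")
    return reasons

if __name__ == "__main__":
    for candidate in ("Dragon1!", "rex0412", "tq7#Lm2vX9"):
        print(candidate, "->", screen_password(candidate) or "no rule broken")
```

A real deployment would load a full word list and would also need to handle reordered dates (for example day-month-year), which this example does not.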

Remembering a password

Don’t write passwords down. Many times throughout my career I’ve found the ubiquitous Post-it note stuck underneath someone’s keyboard that lists all of the person’s usernames and passwords. This isn’t a great idea for home use, but it’s a terrifying idea for office use. The idea behind a password is to keep it safe, not to tattoo it on your forehead.

Consider using multiple “levels” of passwords. I follow a few rules of thumb. I often use one password for blogs and forums that I don’t care much about but that require a password. I use an entirely different password for e-mail accounts. I use another entirely different password for accounts that have access to credit cards or other banking information. In other words, my password for “Joe’s Blog” will be different from my e-mail password, both of which are different from my banking password. The reason is simple: If “Joe” goes rogue, he won’t be able to use the e-mail address and password I have on file with his blog to read my e-mail and then guess which bank I might use and try logging in.

If using more than one password sounds like too much of a pain, consider using a password-management program. (See the link below.)

Challenge/response questions

Many online accounts, including Yahoo Mail, incorporate challenge/response questions in case you forget your password. The most common is your mother’s maiden name, but many sites have adopted new questions. Some sites let you create your own question and answer.

The problem in Palin’s situation was that she answered those questions accurately. Believe it or not, she was too honest. Her answers were easily discovered using Google and Wikipedia.

Here’s my tip: Lie, but be consistent. If one of your questions is “favorite actor,” maybe your true answer wouldn’t be Keanu Reeves, but you might want to claim he is. It would be even better if you made up a fictional name off the top of your head. (Just don’t forget what it was.)

One last tip: Try not to rouse the curiosity of online social misfits who truly have nothing better to do with their time than try to brute-force their way into your accounts.


  • PINs is a great example of a simple Windows-based password-management program. It can safely store your various usernames and passwords. (Tip: Run it right off your thumb drive). Access PINs at:

(This article was originally published in the Amarillo Independent newspaper.)

One Response

  1. bankoffrank Says:

    “This week, let’s talk about your password (but not out loud where someone could hear).”

    Nice Line!

    I would like to add my personal favorite password maker:

    1) Pick an easy to remember word or phrase with seven or more letters: We’ll use ‘bobdole’
    2) Shift the word over, right or left, a key on the keyboard: We’ll go left so ‘bobdole’ -> ‘vivsikw’
    3) Trace up the keyboard for each letter adding a number after each letter: ‘vivsikw’ -> ‘v4i8v4s2i8k8w2’

    Voila; a super hard password that you won’t reveal even when you’re getting tortured because EVEN YOU won’t know what it is, but ONLY you can figure it out when you have a keyboard in front of you.

    Your easy to remember word or phrase is permeated two unusual ways. If you follow Kevin’s rules above to pick your baseword then you’ll be super-safe.
