Yes. Anybody who can use two-step verification, probably should. In addition, if you're willing to invest some time in configuring and safeguarding it, I'd recommend a password tracking app. That way you can have completely random, unique alphanumeric passwords and change them often.
Of course, it's worth noting that unless your password is "password" or "hello" or something similar, it's unlikely that a program will be able to guess thousands or millions of random passwords to try to log into your accounts. Google, for example, would lock down your account long before your password could be discovered by force. So if your accounts are getting compromised, it's likely that there's some larger problem for which this is only the symptom. On 1/16/13, Joe <jsoro...@gmail.com> wrote: > All very true. Still, the two-step verification system, as pain in the ass > as it is to set up, goes a long way toward providing a little more > security. > Google, Dropbox and other popular providers now offer this option.--Joe > > > > From: viphone@googlegroups.com [mailto:viphone@googlegroups.com] On Behalf > Of Eric Oyen > Sent: Monday, January 14, 2013 10:44 PM > To: viphone@googlegroups.com > Subject: Re: SPAM email, hacked email accounts and password safety > > > > a lot of the password problem has to do with the power of modern systems. > my > machine here cn crack most passwords within 6 hours for most passwords of > 12 > ro 20 characters. > > > > A big part of this capability has to do with a rainbow dictionary file. I > spent about 5 days letting a password generator create every sequential > password combination starting from 4 characters and proceeding through the > 40 character limit. the passwords included every generatible character (15 > symbols, punctuation, numbers, upper and lower case letters). the file was > approximately 1.5 TB. This is what most modern script kiddies (I refuse to > honor them with the title hacker) uses. Some educated guesses (such as > birthdate, sun, other personal info) can be made on available data (no one > is immune to having an online profile these days). this will tend to cut > down the time required. Still, the oldest (and most tried and true) method > is still the classic social engineering. the second is hidden code (virii, > worms, and trojans). With the plethora of vectors available, its a wonder > that more doesn't happen. > > > > anyway, this my 2 cents worth. > > > > -eric > > > > On Jan 14, 2013, at 12:49 PM, Alan Paganelli wrote: > > > > > > Um, any password can be hacked. No matter how careful you are and all > that, > given enough time, password can be hacked. I had a password of 14 spaces > with both upper and lower case letters etc as you described and changed it > every other month and yet I still got hacked. They aren't using trial and > error any more. The providers are doing all they can to protect users but > it still happens and even to the best of us. > > ----- Original Message ----- > > From: Sieghard Weitzel <mailto:siegh...@live.ca> > > To: viphone@googlegroups.com > > Sent: Monday, January 14, 2013 8:15 AM > > Subject: SPAM email, hacked email accounts and password safety > > > > Hi List, > > > > I have seen this before, it is clearly SPAM and since Anna is a legitimate > list member it probably means somebody hacked her account. This is why I am > also forwarding this message to Raul directly in case he didn't have time > yet to read it. Hopefully he has a way to contact Anna or maybe she will > read this post. She needs to change her password immediately and I would > probably hazard a guess and say her password was probably a fairly simple > word. I can only stress again how important it is for people who use a word > even if it is 8 or 10 characters long and contains maybe a number or 2 to > change it to a random password with upper case and lower case letters, > numbers and symbols. Not all websites allow symbols, but if they do use > them. Here is a good article about password strength and it contains a > method I have been using for some time. The article gets a bit technical at > times, but I encourage everybody to read it anyhow: > > > > http://en.wikipedia.org/wiki/Password_strength#Creating_and_handling_passwor > ds > > > > In section 5.2 a method called "mnemonic passwords" is described like this: > > > > Password policies sometimes suggest memory techniques to assist remembering > passwords: > > mnemonic passwords: Some users develop mnemonic phrases and use them to > generate high-entropy (more or less random) passwords which are > nevertheless > relatively easy for the user to remember. For instance, the first letter of > each word in a memorable phrase. Silly ones are possibly more memorable. > > > > I suggest not to use a well-known quote like "To be or not to be, that is > the question". Use something out of your life that makes sense to you. For > example: > > I really like Clive Cussler books, for those who aren't familiar with them > the 2 main characters are Dirk Pitt and Al Giordino, one of my favourite > books of his is called "Inca Gold", it was first published in 1994. > > > > Using this information I make up the following sentence: > > > > Inca Gold is my favorite Cussler book; Pitt and Giordino are awesome! 1994 > > > > Note I used upper case for the first leeters of the book title"Inca Gold" > and capitalized the first letters of all the names. I used a semicolon in > the middle of the sentence an exclamation mark at the end and I stick the > year when the book was published at the end. This sentence contains 12 > words, 2 symbols and 4 numbers. If I use the first letter of each word, the > 2 symbols and numbers it gives me an 18-character password. I know this may > be too long for many and it's sort of a pain to enter it especially on a > virtual keyboard, but this is just an example although you should use at > least 12 characters to have a really secure password. If I were to use > this, > the resulting password would be this: > > > > IGimfCb;PaGaa!1994 > > > > > > I do actually use 14 to 18-character passwords for iTunes and other sites > where my credit card is stored, entering them becomes pretty easy after you > do it a few times and on the PC I use Roboform to fill them for me. Anyhow, > I think my point is clear, a sentence like this is easier to remember than > a > 12-character password generated by a random password generator, but it's > just as random to anybody else or to a password cracking program. OK, > enough > said, keep save online and for those who have kids, teach them not to use > their best friends name or birth date as a password, if you use this method > coming up with good passwords becomes a habit like brushing your teeth. > > > > > > Regards, > > Sieghard > > > > > > -- > You received this message because you are subscribed to the "VIPhone" > Google > Group. > To search the VIPhone public archive, visit > http://www.mail-archive.com/viphone@googlegroups.com/. > To post to this group, send email to viphone@googlegroups.com. > To unsubscribe from this group, send email > toviphone+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/viphone?hl=en. > > > > > > -- > You received this message because you are subscribed to the "VIPhone" > Google > Group. > To search the VIPhone public archive, visit > http://www.mail-archive.com/viphone@googlegroups.com/. > To post to this group, send email to viphone@googlegroups.com. > To unsubscribe from this group, send email > toviphone+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/viphone?hl=en. > > > > -- > You received this message because you are subscribed to the "VIPhone" > Google > Group. > To search the VIPhone public archive, visit > http://www.mail-archive.com/viphone@googlegroups.com/. > To post to this group, send email to viphone@googlegroups.com. > To unsubscribe from this group, send email to > viphone+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/viphone?hl=en. > > > > -- > You received this message because you are subscribed to the "VIPhone" Google > Group. > To search the VIPhone public archive, visit > http://www.mail-archive.com/viphone@googlegroups.com/. > To post to this group, send email to viphone@googlegroups.com. > To unsubscribe from this group, send email to > viphone+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/viphone?hl=en. > > > -- You received this message because you are subscribed to the "VIPhone" Google Group. To search the VIPhone public archive, visit http://www.mail-archive.com/viphone@googlegroups.com/. To post to this group, send email to viphone@googlegroups.com. To unsubscribe from this group, send email to viphone+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/viphone?hl=en.
