Hacked Account Case

My friend Sam’s Gmail account was hacked, and neither he nor I had any idea. One day the hacker was Google-chatting with me through Sam’s account and was asking me for my credit card information. I would have given the number and other information if I had had the card at that time, as he is one of my close friends whom I can rely on and trust. Fortunately, my credit card was not with me, so I referred him to our other close friend John (this is his nickname), and hence I was saved from being cheated.

The hacker did not contact John!
John, the one I referred the hacker to, was not contacted for one of two reasons: he was not online, or the hacker did not know who John was! John is my friend’s nickname, and hence the hacker did not find anything specific to John.

How could the hacker have found out that I was one of his best friends?

I am one of the people who chat regularly with Sam. Google saves all the chats in the chat history. For sure, the hacker must have gone through the chat history to see our previous chats, and from the content of our chats he guessed that we are close. Normally, when you ask a friend to do a favor, the friend, if he is close, won’t really think much and will just do it. However, you should be alert all the time.

What may have caused the account to be hacked?
Companies like Google, Yahoo, MSN, etc. cannot be blamed for this security smash. It’s the user’s responsibility to maintain the security of the passwords and keep them strong.

The reason that his password was hacked could be that he accessed his account from some local cyber café. Hackers can read sensitive information using software installed on the user’s machine that reads every key typed on the keyboard. Hence he was able to crack it even though the password was strong. Sam had no way to change the password after this incident because all the account details were modified by the hacker.

It was a nightmare for me. Thankfully, neither John nor I was the hunted!

I hope these email companies find some better solutions, like fingerprint authentication or the like, to be used worldwide on the internet so that it would not rely just on passwords.

Cheers,
Steve

Related Articles:

Creating Strong Passwords

Needless to say, passwords should be strong to keep your information, and hence yourself, safe! Everybody knows how important it is to keep passwords safe and secure. While this should mostly be taken care of on the service provider’s side (email providers, etc.), it is also the users’ responsibility to create strong, well-built passwords, so that security is achieved together. It is strongly recommended that your passwords contain all types of characters; this article gives a detailed guide to creating strong passwords. A password meeting the above requirement may still not be secure. For example, AAAaaa111! Is that a strong password? No, it is not. The following tips will help you create stronger passwords to keep your world safe.

Password Length:

The longer the password, the stronger it is. Each character you add to the password increases its strength several times over. The minimum length should be 8 characters; 14 and above is considered strongest and ideal. Creating long passwords and remembering them is easier when the system allows you to include blank spaces in the password. This then becomes a pass phrase.

Letters, numbers and symbols:

A variety of characters obviously makes passwords stronger and harder to guess. Can’t remember complex passwords containing symbols? You may use just letters and numbers to create passwords; however, these passwords have to be longer. A 15-character password composed only of letters and numbers is thousands of times stronger than an 8-character password composed from the entire keyboard. If you really want to create passwords without symbols, you have to make sure that they are sufficiently long. However, it is always recommended to include symbols.

Make use of entire keyboard:

Instead of using only the common symbols and characters, try making use of other symbols as well. Passwords created by holding the Shift key and following a sequence on the keyboard are not much stronger. Though a password strength checker may give such a password a good protection score, it would not normally be that secure, and a hacker might discover it after multiple attempts. Use words or phrases that are easy for you to remember but hard for others to guess.

Convert a pass phrase into a password:

If your system doesn’t allow you to use spaces, no worries: you can convert the pass phrase to a password by following the steps below:

  1. Think of a statement or a phrase that you can remember but others can’t guess. Example – I love my life like crazy
  2. Respell the words in the phrase as nonsense words: love can be spelled as luv, life as lyef, like as lyk, etc. So you have – I luv my lyef lyk krazee
  3. Add complexity by converting letters into symbols or numbers where possible, and capitalize the first character of alternate words. Example – ! 1uv my Lyef lyk Kraz33
  4. Join the words (remove the spaces). Example – 1uvmyLyeflykKraz33
  5. Check your password’s strength using the Password Checker tool provided by Microsoft. Using the Microsoft Password Checker, the result for the above password is BEST!

Things to avoid while creating passwords:

  • Avoid sequences or repeated characters. Example – abcdefg, bbbbbbb, 123456 or adjacent characters on your keyboard.
  • Avoid using only look-alike (100k-a1!k3) substitutions of numbers or symbols. Hackers are sometimes smart enough to replace these common characters with the corresponding numbers or symbols, as done for "look-alike". However, they can be fooled by misspellings, length, case variations, etc.
  • Avoid using your login name, first or second name, birthdate, your city, etc. in your passwords.
  • Avoid dictionary words in any language. Hackers can use software to generate common misspellings, reversed character sequences and common substitutions.
  • Avoid storing passwords online.
  • Do not provide login information at untrusted sites. When registering on some site, people may create a user account with the same username and password as their email account, and also give that same email ID. Example – A user with email ID xyz@abc.com and password xyz@123 creates an account on some www.pqr.com with username xyz and password xyz@123, providing xyz@abc.com as the email ID for communication. This puts the user’s email account at huge risk unless www.pqr.com is very much trusted.
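
The checks in the list above can be automated on the defender's side, for example when a user chooses a new password. The following is an added example, not part of the original article; the function names, the 4-character run threshold and the small word list are assumptions made for the illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"look", "alike", "password", "love", "crazy", "dragon"}
# Look-alike substitutions mapped back to the letters they imitate.
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                           "5": "s", "7": "t", "!": "i", "@": "a", "$": "s"})
# Alphabet, digits and keyboard rows, used to spot sequences and adjacent keys.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def has_run(pw, length=4):
    """True if pw contains `length` consecutive characters taken from one
    of SEQUENCES, read forwards or backwards (assumed threshold: 4)."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - length + 1):
                if s[i:i + length] in low:
                    return True
    return False


def check_password(pw, personal=()):
    """Return the 'things to avoid' that pw violates (empty list if none).
    `personal` holds login name, first name, city, etc. for this user."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if re.search(r"(.)\1\1", pw, re.IGNORECASE):  # same character 3x in a row
        problems.append("repeated characters")
    if has_run(pw):
        problems.append("sequence or adjacent keys")
    low = pw.lower()
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    # Undo look-alike substitutions first, then search for dictionary words.
    plain = low.translate(LOOKALIKE)
    if any(w in plain for w in WORDS):
        problems.append("dictionary word (after undoing look-alikes)")
    return problems
```

Run on the article's own examples, `AAAaaa111!` is flagged for repeated characters and `100k-a1!k3` is flagged as a dictionary word once the substitutions are undone, while the misspelled pass phrase `1uvmyLyeflykKraz33` produces no findings with this word list.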