The tech moral of the Sarah Palin email hack
Ok - this is a non-political reflection upon the Sarah Palin email hack that took place in the last week or so. Regardless of how one feels about Sarah Palin and her politics, it is wrong to an incredible level for anyone to hack into someone’s email account. What is even more obnoxious about the hack is that, according to this story on Wired.com, it was done to try to find anything incriminating against her. Moving beyond the morals of this debate, a separate question revolves around the security of webmail services. It sounds like the hacker just used some good old-fashioned social engineering to get Yahoo to pop up her security questions; a quick check of Wikipedia or any of a number of other online sources, and you get to reset the password to whatever you like. So, beyond not getting in the public eye, what is the take-away lesson from this?
The takeaway lesson is that, while Yahoo Mail, Gmail, etc all have “security” built in, the strength of the security still falls to the end user. It begins with a password. Passwords that are your dog’s name, your hometown, your birthdate, and so forth are not secure and are easily hacked. Similarly, passwords that just use letters or just use numbers are also easily hacked. The ideal password is one that contains a combination of letters (both upper and lower case), numbers, and symbols.
Ok, but those are hard to remember right? Well, not necessarily. One way of creating an easy-to-remember, but also secure password is to use the lyrics of your favorite song. Let’s say your favorite song is Sgt Pepper’s by The Beatles. Take the first letter from each word in the chorus…
We’re Sgt. Pepper’s Lonely Hearts Club Band,
We hope you will enjoy the show
WSPLHCBWHYWETS
By itself, those characters make up a pretty weak password. But if you change a few things…
- WSPLHCBWHYWETs - makes it a slightly stronger password (last S is now lower-case)
- WSPLHCBWHYW3Ts - it’s suddenly an even more secure password (changed the E to a 3)
- WSPLHCBWHYW3ts - More secure still. The last two letters are lower-case.
Other things you can do to make passwords even more secure are to have a wider mix of upper and lower case characters, change letters to numbers such as a 1 for an i, a 3 for an E, a zero (0) for the letter O, a 5 for an S and so forth.
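As an added illustration (this is example code, not from the original post), the script below walks the song-lyric recipe step by step: it takes the first letter of each word of the chorus, applies the lower-case and letter-to-digit tweaks, and then grades each result with a simple length-and-character-class estimate of the kind online password checkers use. The grading rule is an assumption of this example, not the Microsoft tool mentioned further down. The `undo_leet` helper is the check a practitioner would want alongside the digit-swap advice: it shows that swaps hide a word without making it longer, so the base word still matters.

```python
"""Worked example of the post's song-lyric password recipe plus a simple grader.

Added example, not the post's own code. The grading rule (length times the
log2 of the character pool) is an assumption that approximates a typical
online checker; it rewards length and mixed classes and knows nothing
about dictionary words.
"""
import math
import re
import string

# Constructed input: the two chorus lines quoted in the post.
CHORUS = ("We're Sgt. Pepper's Lonely Hearts Club Band, "
          "We hope you will enjoy the show")

# Letter-to-digit swaps the post suggests (i->1, E->3, O->0, S->5).
LEET = {"I": "1", "E": "3", "O": "0", "S": "5"}


def first_letters(text: str) -> str:
    """Build the base password: the first letter of every word, upper-cased."""
    words = re.findall(r"[A-Za-z][A-Za-z']*", text)
    return "".join(w[0].upper() for w in words)


def swap_letter(pw: str, index: int, new: str) -> str:
    """Replace one character (the E -> 3 step in the post)."""
    return pw[:index] + new + pw[index + 1:]


def lower_tail(pw: str, n: int) -> str:
    """Lower-case the last n characters (the post's final step)."""
    return pw[:-n] + pw[-n:].lower()


def char_classes(pw: str) -> int:
    """Count the classes present: lower, upper, digit, symbol."""
    checks = (str.islower, str.isupper, str.isdigit,
              lambda c: c in string.punctuation)
    return sum(any(check(c) for c in pw) for check in checks)


def naive_entropy_bits(pw: str) -> float:
    """Pool-size estimate: len * log2(size of the alphabet covering every
    class used). Longer and more mixed passwords score higher."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)
    return len(pw) * math.log2(pool) if pool else 0.0


def undo_leet(pw: str) -> str:
    """Reverse the digit swaps to reveal the base word a password was built
    from; a swap hides the word but does not lengthen it."""
    back = {v: k for k, v in LEET.items()}
    return "".join(back.get(c, c) for c in pw).upper()


if __name__ == "__main__":
    base = first_letters(CHORUS)                         # WSPLHCBWHYWETS
    with_digit = swap_letter(base, 11, "3")              # the E is at index 11
    steps = [base,
             lower_tail(base, 1),                        # WSPLHCBWHYWETs
             lower_tail(with_digit, 1),                  # WSPLHCBWHYW3Ts
             lower_tail(with_digit, 2)]                  # WSPLHCBWHYW3ts
    for pw in steps + ["M00S3", "M00s3hunt3R@ALASKA"]:
        print(f"{pw:20} classes={char_classes(pw)} "
              f"bits~{naive_entropy_bits(pw):.0f}")
    print("M00S3 with the swaps undone reads as", undo_leet("M00S3"))
```

Running it prints one line per step of the recipe; the estimated bits rise with each tweak in the post, and the long mixed-class example scores far above the short one.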
It might take some getting used to, but it’s a great start.
So, Sarah Palin, if you are still using Yahoo Mail (which I hope you are not after their horrific security PR mess), don’t forget that M00S3 is an ok password. But M00s3hunt3R@ALASKA is even better.
If you would like to check the security of your passwords (and if you trust Microsoft), there is a great tool on MS’ site where it will give you a grading of your password security.