Inbound SEO, Sales, Service and Marketing Blog

The Problem With Passwords...Or How Not to Get Mugged Online

Mar 30, 2017 9:35:29 PM / by Adam Singer

I discovered a new way hackers can mess with your online accounts, even if you have a super strong password. Do you have usernames and passwords on a gazillion accounts? Yup, this article is for you.

So, if you only read 2 lines of this article, just go to this website: https://haveibeenpwned.com/ and type in your email address or your favorite username. This website will show you if your email address has been compromised. Now more info:

Shout out to the excellent podcast: ReplyAll

ReplyAll did an amazing show on how a New Yorker's Uber account had been used to pay for rides for a hacker in Russia, even though Uber had never been hacked. Here's how it works: you use the same email address and password on lots of websites. Unethical people hack into one of the many websites you might use (e.g. LinkedIn, Adobe, Yahoo, etc.). They grab thousands or millions of email addresses and passwords. Next they sell packets of these email / password combinations in a place called the dark web. Or, they use a piece of software to try out thousands of email / password combinations on sites like Uber, eBay, Amazon.com, etc.

Even if Uber's cybersecurity is bulletproof, if you use the same password on Uber as you used on Yahoo or another site that's been hacked, your account on Uber is now vulnerable.
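Seen from the website being targeted, this kind of attack has a recognizable shape: one source tries many different accounts once each and mostly fails, which is not the same as one person mistyping their own password. The sketch below is an added example, not something from the podcast or the original post; the log format, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed login events: time, source IP, account, outcome (not real data).
SAMPLE_LOG = """\
2017-03-30T21:00:01 198.51.100.7 alice@example.com FAIL
2017-03-30T21:00:03 198.51.100.7 bob@example.com FAIL
2017-03-30T21:00:05 198.51.100.7 carol@example.com FAIL
2017-03-30T21:00:08 198.51.100.7 dave@example.com OK
2017-03-30T21:00:10 198.51.100.7 erin@example.com FAIL
2017-03-30T21:00:12 198.51.100.7 frank@example.com FAIL
2017-03-30T21:02:00 203.0.113.20 bob@example.com FAIL
2017-03-30T21:02:09 203.0.113.20 bob@example.com FAIL
2017-03-30T21:02:21 203.0.113.20 bob@example.com OK
2017-03-30T21:03:00 192.0.2.44 grace@example.com OK
"""

def parse(log):
    """Yield (timestamp, ip, account, succeeded) for each log line."""
    for line in log.strip().splitlines():
        ts, ip, account, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, account, outcome == "OK"

def find_stuffing(log, window=timedelta(minutes=5), min_accounts=5, min_fail_ratio=0.8):
    """Flag sources that try many different accounts in a short window and mostly fail.

    Returns {ip: (distinct_accounts, fail_ratio, accounts_that_logged_in)}.
    """
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            accounts = {e[2] for e in win}
            ratio = sum(not e[3] for e in win) / len(win)
            best = flagged.get(ip, (0,))[0]
            if len(accounts) >= min_accounts and ratio >= min_fail_ratio and len(accounts) > best:
                # Successful logins inside the burst are reused passwords that worked.
                hits = sorted({e[2] for e in win if e[3]})
                flagged[ip] = (len(accounts), round(ratio, 2), hits)
    return flagged

if __name__ == "__main__":
    print(find_stuffing(SAMPLE_LOG))
```

The one success inside the flagged burst is the account whose owner reused a password; that account needs a forced reset even though the site itself was never breached.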

So How Do You Keep Your Internet Accounts Secure?

Here are some options:

  • Use a different password for every account (problem is this is kind of impossible)
  • Use a password manager (can be a good idea, can also be a horrible idea, more about that in a moment)
  • Create your own secret password hash <--- best answer, and explanation to follow

What's Wrong With Using a Different Password for Every Account?

If you can use a different password for every account you use online and remember them all, more power to you. This would never work for me, or many mere mortals. I use a database program called "Bento" to organize a lot of my passwords, and it's helpful. It's kind of like Microsoft Access, but easier to use and built for Mac. Unfortunately, it is no longer supported, and the replacement is more money than I want to spend. There is always the old standby of a massive Excel spreadsheet or even pen and paper. These work and are probably secure, but they seem rather inelegant to me, and these lists can be lost or compromised.

What's Wrong With Using a Password Manager?

ReplyAll recommends using a password manager to keep your online identity secure. I thought this was an awesome idea until a friend mentioned that this could actually be the worst option. Here's what you need to know:

What is a Password Manager

A password manager is a piece of software that automatically generates incredibly hard passwords and then remembers them for you. So when you go to an online account, you enter a single password into the password management software and the password manager automatically enters your heavily encrypted information into the account window.

What's the Problem With Password Managers?

A friend who once worked at the NSA mentioned that these password managers can be cracked like any other software and then you're really in trouble. If your password manager is compromised, all of your passwords are now compromised. What's worse, if you can't get into your password manager, you are locked out of all of your accounts since you don't have the passwords. So, this is not a great option.

What is a Password Hash and How to Make One?

A hash is when you combine a few things together. Lots of people use passwords that combine two words or a word plus a number. So if they are creating a password for yahoo.com and they have an anniversary on 4/28, they make a password yahoo428. This is pretty weak since it's pretty common to see this kind of combination: "website+428". So, here's a trick taught to me by another former NSA guy: make the date every other letter. So if you're combining 428 and yahoo, instead of adding 428 to the end (yahoo428) put 428 as every other letter in yahoo like this: y4a2h8oo. This makes a much more secure password and is as easy to remember as yahoo428. I still recommend using some kind of list to track these, but if you lose it, you still know your "hash".

Hope this helps.

Topics: passwords, online civilization

Written by Adam Singer

Adam Singer began programming for the World Wide Web in 1998 while working as an Informational Specialist for the Bureau of National Affairs, a Fortune 500 publishing company based in Washington, DC. In 2001 Adam became the Marketing and Communications Director for Jetro Platforms, a server-based computing software manufacturer. In 2011 Adam founded AJ Singer Studios, an Internet Marketing company based in Savannah, GA. In 2015 Adam formed Ability SEO as a full-service marketing agency specializing in using SEO, social media, and e-mail marketing to get more visitors, leads and customers.
