How to Choose a Safe Password

You may wonder why it is so important to choose a safe password. What are the dangers of choosing a bad one?

A true story demonstrates the dangers of choosing a bad password. We will examine how to choose a good one.

One the website, www.xblock.com, a story was reported of a pharmacist who used an Internet instant messenger service. (The particular service will not be listed in this article.) Every day he checked his e-mail, read the morning news, and checked a stock site. Everything was fine until he tried to use the messenger service. He could not log on, and the service kept rejecting his password for no reason. He sent a message to his friend about the problem and to the xblock.com staff. The xblock.com staff told him there was a good chance his account had been tampered with.

The hacker had not stopped with stealing the pharmacist's password. He had also stolen the list of the people he sent instant messages to.

The hacker then, using the stolen password, posed as the pharmacist and began sending out Trojan Horses, which are files designed to cause much damage to computers. The Trojan Horse was implanted on their computers, and the hacker took control of their computers also.

The xblock.com staff contacted the hacker through the instant messenger service, and he claimed to be from Jordan and demanded $50,000. A computer trace found he was at a university in the Netherlands, however. He refused to return the account, but a lot of his damage was minimized by contacting people on the pharmacist's instant message list.

It took several days before the instant messenger service shut down the account, perhaps because people from the service wanted to be certain a hacker had actually hijacked an account.

Why was the hacker able to access the pharmacist's account? His name was Larry, and he chose Larry as his username and as his password. The hacker didn't have to use much of the sophisticated knowledge or equipment he might have had to guess either the password or username. Almost anyone could have guessed both. Once the hacker had control of Larry's account, naturally Larry's friends assumed the hacker was Larry.