Passwords

Choosing good passwords is one of the most important aspects of keeping your information safe. You probably have a lot of juicy information accessible online, whether it is your social media photos, private emails, or bank accounts.

Below are some helpful tips on how to create stronger passwords, as well as a case study of someone trying to blackmail me.

Tips for Creating Strong Passwords

1. Use a password manager

Password managers are great because they will generate long, randomized passwords for you! You only need to remember one master password. I have over 100 accounts and it would be impossible for me to remember all of them.

What password managers should you use? Some common ones include:

  • LastPass (Free, runs on laptops and phones)
  • 1Password (Subscription, runs on laptops and phones)
  • KeePass (Free, runs on laptops)

2. Create long, varied passwords

Some general rules for passwords are:

  • Length greater than 8 characters
  • Varied, using digits, punctuation, and symbols
  • No dictionary words (e.g. ‘donkey’)
  • No personal information like your address, family, or birthday

3. Do not reuse passwords

This is really important because your passwords will be stolen and it will not be your fault. Big companies get hacked and private user information is taken. You can be prepared by not reusing the same password across sites.

Examples of Strong Passwords

Here are some examples of randomized passwords that can be remembered for you if you use a password manager:

  • GB9!{JU,~$6r[=ua
  • qe,&mj~:@!+32L6.
  • Hq’?!pZ;S]X4fG{W

Case Study: Data Breach Blackmail

Yesterday I received an email sent from myself??

[Image: sender]

The email included some bold accusations and threats. Here’s the message in full:

Hello! I’m a member of an international hacker group.

As you could probably have guessed, your account [youremail]@gmail.com was hacked, because I sent message you from it.

Now I have access to you accounts! For example, your password for [youremail]@gmail.com is [removed]

Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we’ve created, through an adult website you’ve visited. So far, we have access to your messages, social media accounts, and messengers. Moreover, we’ve gotten full damps of these data.

We are aware of your little and big secrets…yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched! I think you are not interested show this video to your friends, relatives, and your intimate one…

Transfer $700 to our Bitcoin wallet: 13DA….W77R If you don’t know about Bitcoin please input in Google “buy BTC”. It’s really easy.

I guarantee that after that, we’ll erase all your “data” :)

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred. If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security.

We hope this case will teach you to keep secrets. Take care of yourself.

It is a fun read. Unfortunately, it has no truth :) However, from an old data breach, the ‘hacker’ does have my personal email and an old password.

My response action was:

  1. Ignore the message
  2. Make sure that the old password is never used again
  3. Double check that my current passwords are all unique for future data breaches

Determining the true sender

In case you are wondering how to find the true sender, all email clients have a way to show the original message headers. In Gmail, we can see the original sender is some random email address and not me:

[Image: sender]
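
The header check described above can also be scripted. This is an added example, not part of the original post: it uses Python's standard email module, the sample message with its addresses and hostnames is constructed, and the helper names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a "sent from myself" mail with a forged From header.
# Every address, host and verdict below is made up for illustration.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
        by mx.example.com with ESMTP id abc123
        for <me@example.com>; Tue, 16 Oct 2018 08:00:00 -0700 (PDT)
Authentication-Results: mx.example.com;
       spf=softfail smtp.mailfrom=bounce@mailer.example.net;
       dkim=none;
       dmarc=fail header.from=example.com
From: <me@example.com>
To: <me@example.com>
Subject: Your account was hacked

Hello! ...
"""

def domain(addr):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Return e.g. {'spf': 'softfail'} from Authentication-Results headers."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:  # skip the authserv-id
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, _, verdict = tokens[0].partition("=")
                results.setdefault(method.lower(), verdict.lower())
    return results

def spoof_findings(raw):
    """List the signs that the visible From address is not the real sender."""
    msg = message_from_string(raw)
    findings = []
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} != From domain {from_dom}")
    for method, verdict in auth_results(msg).items():
        if method in ("spf", "dkim", "dmarc") and verdict != "pass":
            findings.append(f"{method}={verdict}")
    return findings

if __name__ == "__main__":
    print("\n".join(spoof_findings(RAW)))
```

Only trust an Authentication-Results header added by your own mail provider, since a sender can insert a fake one. A Return-Path that differs from the From domain is also normal for legitimate bulk-mail services, so treat it as a hint and rely on the SPF, DKIM and DMARC verdicts.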

Conclusion

Stay vigilant and use strong passwords!