Mark Zuckerberg's biggest
social network presence is undoubtedly on Facebook, but he has other
accounts, too -- and he's learning the hard way that those accounts
are just as sensitive. Facebook CEO Mark Zuckerberg’s Twitter and
Pinterest accounts were recently compromised, likely as a result of a
mass LinkedIn password hack. (If you have not already done so, go
change your LinkedIn password.) The fact that Zuckerberg can fall
victim to a security breach is not a surprise. What is a
surprise is how bad his password was: according to the hackers, his
password was “dadada.”
It’s a comically bad password.
It doesn’t have special characters or numbers. It doesn’t even
have an uppercase letter. It’s only two letters, just repeated.
It’s very, very bad.
Neither Zuckerberg nor Facebook has commented
on the hack or confirmed the password, but if the report is
accurate, “dadada” lacks nearly every characteristic of a strong
password. The hack also suggests he used the same password on
LinkedIn, Pinterest and Twitter, a second failing: one leaked
database was enough to unlock two unrelated accounts.
The age-old advice not to
re-use passwords is particularly timely at the moment. Beyond the
LinkedIn theft, there were also recent leaks of 360 million email
addresses and passwords belonging to users of MySpace.com. Since May,
the website Leakedsource.com, which sells access to the stolen
information, has added close to one billion records to its database.
The publicity around the hack of Mr. Zuckerberg’s accounts may
prompt other attackers to try the same thing at scale: take a leaked
email-and-password pair and test it against every other popular
service.
Strengthen your password.
Here are a few tips to do so.
— Make your password long. The recommended minimum
is eight characters, but 14 is better and 25 is even better than
that. Some services have character limits on passwords, though.
— Use combinations of letters and numbers, upper and lower case
and symbols such as the exclamation mark. Some services won't let you
do all of that, but try to vary it as much as you can. "PaSsWoRd!43"
is far better than "password43."
— Avoid words that are in dictionaries, even if you add numbers
and symbols. There are programs that crack passwords by going
through databases of known words. One trick is to add numbers in the
middle of a word, as in "pas123swor456d" instead of
"password123456." A better one is to think of a sentence and use
just the first letter of each word, as in "tqbfjotld"
for "the quick brown fox jumps over the lazy dog"; nothing in a
word list matches it, and a longer sentence gives a longer password.
— Substitute characters. For instance, use the number zero
instead of the letter O, or replace the S with a dollar sign. Bear in
mind that cracking tools try these substitutions (and the inserted
digits above) automatically, so they only slow an attacker down
slightly; length and unpredictability do far more.
— Avoid easy-to-guess words, even if they aren't in the
dictionary. You shouldn't use your name, company name or hometown,
for instance. Avoid pets' and relatives' names, too. Likewise, avoid
anything that can be looked up, such as your birthday or ZIP code,
on its own. If you want to use such a value at all, reverse your
ZIP code or phone number and bury it inside a longer string of
unrelated letters and symbols. As a reminder, you should also avoid
"password" as the password, or consecutive keys on the keyboard,
such as "1234" or "qwerty."
— Never reuse passwords on other accounts, with one
exception. Over the years, I've managed to create hundreds of
accounts. Many are for one-time use, such as when a newspaper website
requires me to register to read the full story. It's OK to use simple
passwords and repeat them in those types of situations, as long as
the password isn't unlocking features that involve credit cards or
posting on a message board. That will let you focus on keeping
passwords to the more essential accounts strong.
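The tips above, combined into a small checker. This is an added example, not code from the original article: the word list and the personal-data values are constructed samples (real cracking tools carry million-entry lists), and the rule names and thresholds (8 and 14 characters, three character classes) are this example's own choices. It also goes one step beyond the tips: before looking for dictionary words it strips inserted digits and undoes the common character substitutions, which is what cracking rule sets do, so "pas123swor456d" and "p@$$w0rd" are flagged as disguised forms of "password", while the sentence-initials password passes.

```python
import math
import re

# Constructed stand-in for the word lists cracking tools use; real lists
# hold millions of entries. These are just a hypothetical sample.
COMMON_WORDS = {
    "password", "dadada", "letmein", "welcome", "monkey", "dragon",
    "football", "iloveyou", "admin", "secret", "linkedin", "sunshine",
}

# Keyboard rows plus the digit run, for "qwerty" / "1234" style sequences.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Character substitutions that cracking rule sets undo automatically
# (zero for O, dollar sign for S, and so on).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def word_cores(pw):
    """Two views of the password in which a disguised word reappears:
    digits/symbols stripped ('pas123swor456d' -> 'password') and
    substitutions undone then stripped ('p@$$w0rd' -> 'password')."""
    lower = pw.lower()
    raw_letters = re.sub(r"[^a-z]", "", lower)
    leet_letters = re.sub(r"[^a-z]", "", lower.translate(LEET))
    return {raw_letters, leet_letters}


def has_keyboard_run(pw, n=4):
    """True if n adjacent keys from one row (either direction) appear in pw."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - n + 1):
            chunk = row[i:i + n]
            if chunk in s or chunk[::-1] in s:
                return True
    return False


def is_short_repeat(pw):
    """True for 'dadada'-style passwords: one short unit repeated end to end."""
    for unit in range(1, len(pw) // 2 + 1):
        if len(pw) % unit == 0 and pw[:unit] * (len(pw) // unit) == pw:
            return True
    return False


def contains_personal(pw, personal):
    """True if a known personal value (ZIP, phone, name) appears in the
    password, forwards or reversed."""
    s = pw.lower()
    return any(item.lower() in s or item.lower()[::-1] in s for item in personal)


def estimate_bits(pw):
    """Rough brute-force search-space estimate: length * log2(alphabet),
    where the alphabet is the union of character classes actually used.
    It says nothing about dictionary attacks, which is why the rule
    checks below exist."""
    size = 0
    for pattern, count in zip(CLASS_PATTERNS, (26, 26, 10, 33)):
        if re.search(pattern, pw):
            size += count
    return round(len(pw) * math.log2(size), 1) if size else 0.0


def check_password(pw, personal=()):
    """Return the list of problems found; an empty list means no rule fired."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    elif len(pw) < 14:
        problems.append("shorter than the recommended 14 characters")
    if sum(bool(re.search(p, pw)) for p in CLASS_PATTERNS) < 3:
        problems.append("uses fewer than 3 character classes")
    if is_short_repeat(pw):
        problems.append("is a short pattern repeated")
    if has_keyboard_run(pw):
        problems.append("contains a keyboard sequence")
    hits = sorted({w for core in word_cores(pw)
                   for w in COMMON_WORDS if len(w) >= 5 and w in core})
    if hits:
        problems.append("contains dictionary word(s) after undoing "
                        "substitutions: " + ", ".join(hits))
    if contains_personal(pw, personal):
        problems.append("contains personal information (possibly reversed)")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, including the password from the story.
    for candidate in ("dadada", "PaSsWoRd!43", "pas123swor456d",
                      "p@$$w0rd!!", "tqbfjotld", "Tqbfjotld!Tq9-Hx"):
        print(f"{candidate!r}: ~{estimate_bits(candidate)} bits, "
              f"{check_password(candidate, personal=['94301']) or 'no problems'}")
```

Note that "dadada" trips four rules at once, and that "PaSsWoRd!43", which the tips rate as "far better," still contains the word "password" once the case and the trailing digits are ignored; the page's own sentence-initials method is the one that comes through clean once it is long enough and mixes classes.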