A teachable moment for all of us on password security
David Kernell, the 22-year-old son of a democratic Tennessee lawmaker, was convicted on two charges in the hacking of Sarah Palin’s email account. The crime took place while she was campaigning on the republican presidential ticket in 2008. After four days of deliberation, he was found guilty of obstruction of justice, and unauthorized access to a computer, but was acquitted of wire fraud. The jury deadlocked on a charge of identify theft.
The charge of obstructing an investigation carries a maximum 20-year prison sentence, and unauthorized access to a computer is a misdemeanor.
Now, how did Mr. Kernell hack into Ms. Palin’s account? He correctly answered the security questions that Yahoo! asks when you forget your password. All he needed was her birth date, zip code and to correctly guess the name of the city where she met her husband.
I don’t want to diminish the severity of this particular crime, no one has the right to enter your house, even if you leave your front door open. Instead, let’s use this as a teaching moment. Here are some easy ways to protect yourself from casual hackers and pranksters:
When a site asks you to select and fill in security questions, they are not asking for, nor are they entitled to factual information. They simply want you to give them a way to know you are the one who is going to regain access to your account. So, never use real birth date, your real zip code, the real town where you met your husband, your mother’s maiden name, the last four digits of your social security number or anything else I can find out about you with Google or on your Facebook or LinkedIn profile. Don’t even use your drag queen name (your first pet’s name and your mother’s maiden name, mine is Muffin Whitehead) it may be great fun at a party, but it is not secure and it’s an invitation to any interested or motivated hacker to access your account. Make up the dates, pet’s names, towns, etc. Just remember what you words and numbers you used.
As for passwords, they can only protect you if you use them correctly. Here are some guidelines:
Use letters (caps and lowercase), numbers and symbols. The more cryptic your password is, the better it will protect you.
Use computer geekspeak to make weak passwords stronger. Leet replaces English letters with numbers and symbols. For example: a=@, E=3, i=1, S=5, etc. Check out Wikipedia for a complete Leet table.
Leet can help you turn proper nouns, which are very, very easy for machines to crack, into stronger passwords. For example: macintoshczar becomes m@c1nto5hcz@r. You can still easily remember it, but it is much harder to crack.
Make up a sentence and use the first letters of each word to create your password. For example: “Mozart is one of my favorite cats in the car.” would yield the password: “Mioomfcitc.” Then write it in Leet to make it even stronger, “M100mfc1tc.” The sentence is a mnemonic device that will help you remember your password, and Leet makes it much stronger.
Lastly, keep in mind that the longer a password is, the better it is. Change your passwords on a regular basis. No birthdays, names, proper nouns, ages or anything else that looks or sounds like English or says anything about you. As a general rule, don’t reuse them. And, most importantly, do not write it on a sticky-note and put it on your computer monitor — don’t give me that look … you know who you are …
If you keep these very simple principles in mind, you will be much more hacker proof than you are right now. For additional security, setup and use a password on your personal computer and even on your mobile phone. Remember, passwords can’t help you if you don’t use them.
Had Ms. Palin followed these guidelines, Mr. Kernell would not be facing jail time. But more importantly, she would not have been victimized nor would she have had to endure the inconvenience of being hacked.
About the Author: Shelly Palmer is the host of “Digital Life with Shelly Palmer,” a weekly half-hour television show about living and working in a digital world which can be seen on WNBC-TV’s NY Nonstop Tuesdays at 10p Eastern and online, and the host of “MediaBytes,” a daily news show that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment. He is Managing Director of Advanced Media Ventures Group, LLC an industry-leading advisory and business development firm and the President of the National Academy of Television Arts & Sciences, NY (the organization that bestows the coveted Emmy® Awards). Mr. Palmer is the author of Television Disrupted: The Transition from Network to Networked TV (2008, York House Press) and the upcoming, Get Digital: Reinventing Yourself and Your Career for the 21st Century Economy (2009, Lake House Press). You can join the MediaBytes mailing list here. Shelly can be reached at firstname.lastname@example.org For information visit www.shellypalmer.com