I love this article from Jose Pagliery, and his opening sentence: “It is still unclear how anyone obtained the vast collection of usernames and passwords.”
5 million usernames and passwords were leaked, hacked, phished and cracked. There’s nothing else that could have happened. Unless those ruskies have started their mind control practices again and have figured it out finally!?
I love that as soon as something like this happens the company targeted is potentially to blame. Now I’m not saying that Google haven’t been hacked, but what I think is more likely is this is an accumulated list from people’s accounts that have been phished.
Phishing is the art of building a website that looks like Google (in this instance) and making you sign in, normally with a ruse of some kind sent via email, like “your password has been infiltrated, you need to reset it”.
You’ll then be presented with a site that looks like Google but isn’t. It’s a trap, and you’re about to fall for it by entering your username and password. Bazinga, too late!?
You know how often kids or uneducated adults wander from web page to web page, from email to email, link to link, without any regard for the “naughty people” lurking in the Dark Web?
Terrorists, hacktivists, crackers, coders and teens who want to prove to their peers they are capable, all nipping at the edges of the WWW and its old school security like a school of piranhas eating an elephant, all waiting for the problem between the chair and the keyboard to make a mistake.
The facts are Google probably hasn’t been hacked; they most likely have the very best in security and verification (including the use of mobiles, IP and trends). The fact is the person that’s been hoodwinked is you. Do you need to change your passwords… YES. For Google or just in general…?
If you feel you know this subject and have the perfect password system already, please email me the system, I’m eager to learn!
But for the masses of internet users, all several billion of them, you need to change your outlook on password security altogether. Do you have a master password for everything? Is it a word with some numbers?
As it stands, the likelihood is that your password can be hacked in less than a few seconds, using a simple online tool and a list of possible alphanumeric combinations.
Oh, you’ve added a few symbols too? Great, you’ve added a few minutes to the length of time it would take the crackers to get access. The fact is there are no passwords on earth that are “uncrackable”; the best you can do is not be one of the 5 million Gmail accounts that have been leaked, by trying the following tips:
1/ Do not use real words!
2/ Add a few numbers
3/ Use Uppercase and Lowercase
4/ Gibberish vs Intelligence
Think about your passwords and create a little system that works for you. Most passwords need to consist of more than 6 digits, letters and numbers, upper case and lower case, and in some cases symbols too.
Why not mix all of these things up in some form of a legible way that means something to you but no one else? Any real words or names will be subject to a simple and easy dictionary attack; these take minutes to crack and are the most obvious failures in password protection. Even if you added 10 numbers afterwards, all you are doing is adding time to crack the password, as dictionary + maths equals how computers work.
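To put numbers on "dictionary + maths", here is an added example (not from the original post) that compares the search space of a word-plus-digits password with a random string of the same length. The sample wordlist, the 100,000-word list size, the three casings and the 62-character alphabet are assumptions made for illustration.

```python
import math
import re

# Constructed sample wordlist; a real check would load common words, names
# and previously leaked passwords.
WORDLIST = {"password", "dragon", "monkey", "sunshine", "charlie"}
WORDLIST_SIZE = 100_000   # assumed size of the list a guesser would try
ALPHABET = 62             # a-z, A-Z, 0-9 for the random baseline


def word_plus_digits_guesses(password):
    """Guesses needed to cover <word><digits>, or None if the pattern does not apply."""
    m = re.fullmatch(r"([A-Za-z]+)(\d*)", password)
    if not m:
        return None
    alpha, digits = m.groups()
    word = alpha.lower()
    # Only the three usual casings are counted: lower, Capitalised, UPPER.
    if word not in WORDLIST or alpha not in (word, word.capitalize(), word.upper()):
        return None
    # Every digit suffix from empty up to the observed length.
    suffixes = sum(10 ** k for k in range(len(digits) + 1))
    return WORDLIST_SIZE * 3 * suffixes


def assess(password):
    """Return the pattern found and the size of the search space it implies."""
    structured = word_plus_digits_guesses(password)
    guesses = structured if structured is not None else ALPHABET ** len(password)
    return {
        "pattern": "word+digits" if structured is not None else "none",
        "guesses": guesses,
        "bits": round(math.log2(guesses), 1),
    }


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("Sunshine2014", "sunshine0123456789", "q7Vf2LxR9mTb"):
        print(pw, assess(pw))
```

Even with ten digits appended, the word-based password sits in a far smaller search space than twelve random characters, which is the point the paragraph above makes.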
Well, now you are adding significant failsafes into your password, not against the crackers but against people looking over your shoulder to get your details. There is not much visually between a capital I and the number 1, for example.
There’s a distinct difference between you chucking some letters, numbers and symbols into a website registration and using an intelligent system.
I believe that there is nothing we can do to prevent hacking or cracking of passwords. Maybe I’m being cynical and negative, maybe, but passwords can be gibberish if you’re using a password manager, that makes sense.
If you won’t use a password manager, things like “Leet Speak” in normal words to break dictionary attacks, and maybe linking a couple of words together using a mixture of L33T, symbols and non-dictionary words, might make a super secure password string that you can adjust per site and remember without a manager?
But I’m confident there is no cure with passwords alone that can prevent this problem. 2-stage verification and IP tracking help but again, it isn’t the be-all and end-all solution. I’m sure a lot of the 5 million passwords that were leaked have 2-stage verification also.
The solution is simple. Get educated: we can find out how our passwords are breached with a few Google searches or YouTube videos, and arming ourselves with knowledge is the best way to fight against this problem.
Just try to react fast when we are hacked and be careful when browsing online. Could it be that simple?