Adobe user passwords stolen and uploaded to web. Time to check that your passwords are safe and sound


Let me explain how unskilled hackers get into personal email and bank accounts easily.

One way is to get you to enrol into something with an email address, user name and password of your choosing. They can do this by getting you to register for a free download or purchase, on a dodgy site, or a host of other tricks.

They know that a good percentage of internet users are silly and use the same details for all the sites they are registered with. So as soon as they have your new registration details they try those same details on a host of sites such as email and banking – purely speculatively. If you were that stupid – bingo they are into your precious accounts.

Another way, which requires more skill, is to hack into a company account and steal the passwords and user IDs they have on their system. As hackers like to help each other those passwords are then shared and form the base list of passwords they can bombard a site with using a programme that tries each password from their list in a fraction of a second. Most people use the names or dates of people or events so they will have been included in earlier lists they will have copied, along with a set of dictionary words.

This last technique has just succeeded yet again. LastPass, a password security firm, said on Thursday 7th November 2013 that it had found email addresses, encrypted passwords and password hints stored in clear text from Adobe user accounts on an underground website frequented by cyber criminals.

What you should do about passwords:

The basic way. If a website is your email (such as Gmail, Yahoo, etc) or has your personal date or it involves any sort of financial transaction, make sure it uses a password not shared with another site. Make it a good password that would not appear in any dictionary, one that includes at least on e capital latter and one number.

A better way. Is to use a password manager on your browser (‘browser’ is the generic name for that thing you use to get on to the internet such as Google Chrome, Firefox or even Internet Explorer). I use LastPass which, once I added their extension to the browser, creates strong passwords for me which it remembers. LastPass is excellent.

One of the first things you should do with LastPass it to let it check your existing passwords (which it can do automatically) for strength and change them into something better.

The best way. This is identical to the above but with the addition of two-step-authentication by those sites which make it available such as Gmail and Evernote. This is an optional feature you can switch on. Once you have given a mobile phone number (and usually an additional friend’s one in case you lose yours) whenever you log on using a new machine such as a friend’s or in a library, they send a unique one-off number to your mobile which you then put into the login screen.

Leave a Reply

Your email address will not be published. Required fields are marked *