Security and stuff



Lexxuk
07-01-05, 19:19
Well after having my hotmail account briefly taken over last night (I won't say who it was.. in public *coffcoff PM coffcoff*) I figured what better time to discuss in this place of discussion, security and stuff.

My Hotmail password itself was 10 chars, which is more than enough you would think, nice and secure. And my password would be totally unguessable, it's not a word etc.. So how did my account get taken over?

My secret question and answer. The girl that accessed my account knew enough about me to pretty much know any silly question that I could possibly think of, and having an easy one like "what is my dog's name" is rather... silly of me I guess.

So I sat down and thought, how could I make a secret question/answer that would not be totally obvious to anyone? Well, my @hotmail.com's secret question is so obscure that I do not know the answer to it, which is brilliant, no one could guess it! Not even me :lol: Unfortunately it's then pretty hard to think of a secret question/answer combination that (a) she does not know and (b) I can actually remember in case I ever do need to reset my password.

I did try thinking laterally, like sqrt(pi) which is 1.7 something or another, but no, that would just be really daft, I thought "how about putting in the Welsh for reverse and just reversing my email?" but no, (a) her mother is Welsh and (b) Welsh dictionaries online.

If you know my real name, which some of you do, you will be amazed at how much information is out there on the internet for you to find out about me, so schools I went to etc.. are gone, can't use them anymore (friends reunited) so how do you get out of this?

One way is to have an unrelated answer to the question. For instance, the question could be "what is my cat's name" and the answer "london bridge" but then you actually need to remember you put in London Bridge, which when you can't even remember your own password...

So, think of something really obscure, that is related to you and will just jog your memory about what the password is. For instance, you got a B+ in GCSE history, you could have your secret question as "B+" and answer is "history", think well out of the box.

The Email Reset function btw, is a life saver, make sure you have yours updated to a nice safe email service, ideally a real one which you access often (it's how I got my account back) and only you have access to (i.e. has no password reset function)

As for password, well, obviously the longer the better, mixed in with UPPER lower and numerical, you can also mix in ASCII too, which does improve security somewhat but meh, too hard to remember where you stuck that stupid &$% in the password.

Ok, so you mix a lower, upper and numerical, so that's 26+26+10=62, in an 8 letter password that's 218,340,105,584,896 different possible combinations for someone to guess :)
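The 62^8 figure and the "unrelated answer" idea from the post above, worked through as an added example (not part of the original post): an account can be opened through either the password or the reset question, so its strength is the smaller of the two guess spaces. The pool of 1,000 pet names for a stranger is an assumed figure, and `random_answer` is a hypothetical helper.

```python
import math
import secrets
import string

# 26 lower + 26 upper + 10 digits = 62, as in the post
ALNUM = string.ascii_lowercase + string.ascii_uppercase + string.digits


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible strings of `length` over the alphabet."""
    return alphabet_size ** length


def bits(guesses: int) -> float:
    """Guess space expressed in bits."""
    return math.log2(guesses)


def weakest_path(password_space: int, answer_space: int):
    """Return the cheaper way in: the password or the reset answer."""
    paths = {"password": password_space, "secret answer": answer_space}
    name = min(paths, key=paths.get)
    return name, paths[name]


def random_answer(length: int = 16, alphabet: str = ALNUM) -> str:
    """Unrelated, unguessable reset answer; it has to be written down
    or kept in a password manager, since nobody will remember it."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def scenarios():
    """Constructed scenarios for one 8-character mixed password."""
    pw = keyspace(len(ALNUM), 8)
    pools = {
        "someone who knows the dog": 1,           # answer already known
        "stranger, common pet names": 1_000,      # assumed list size
        "random 16-char answer": keyspace(len(ALNUM), 16),
    }
    return {who: weakest_path(pw, pool) for who, pool in pools.items()}


if __name__ == "__main__":
    print(f"8-char password: {keyspace(62, 8):,} (~{bits(62**8):.1f} bits)")
    for who, (path, space) in scenarios().items():
        print(f"{who:28s} -> weakest path: {path}, ~{bits(space):.1f} bits")
    print("example stored answer:", random_answer())
```
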

Nidhogg
07-01-05, 19:38
I hope it's not the same email address used to register your game account or you could be seeing your stuff sold on eBay by now. ;) Lex has been around long enough to remember the announcement we made a long time ago, but for everyone else not of his vintage/hard of remembering:

Do not use freebie email accounts to register your game, especially ones that have "secret questions" for retrieving your password. More than one account has been hacked this way in the past.

N

Dribble Joy
07-01-05, 19:41
Question: Can I change the e-mail address for my account?

sanityislost
07-01-05, 19:43
@DJ yea in the account settings

@lexx: lol scary shit dude

SiL ..:..

Dribble Joy
07-01-05, 19:47
In the launcher window?... Cos I can't...

MkVenner
07-01-05, 19:50
You can't anymore, you used to be able to, and on the site too, but I can't find a way to do it

Lexxuk
07-01-05, 20:12
Nah I never use Hotmail email for anything important, same with gmail, it's pretty much for junk email and to protect my real email from spam, though I did have to blackhole dgwebb@ so it's not actually possible to recover my password from some places :angel: My forum account and Neocron are both registered to my real email address.

However some people may not have the same luxury as me of having real email (though I could set up my own email server coz my ISP is lovely) so may have to use Hotmail or Gmail, both of which do have secret questions. I mean, you might think your secret question is something no one knows like "what is my father's name" but people that *know* you IRL (and may not like you) will know that, and boom, there goes your password. So it really is worth thinking long and hard about the question, before even starting to think about the answer :D

Dribble Joy
07-01-05, 20:32
You could simply put nothing or gibberish in the entry boxes for your hotmail/gmail accounts, and then promptly forget it.

Lexxuk
07-01-05, 20:44
You could, but it's recommended you change your password often, and if you actually do follow that advice it's nice to know you can get your password back, so that would in theory mean you should change your secret question often too... umm.. bugger O_o Me, I use several passwords, but my @hotmail.com password is only 5 chars long, but that's cause it's years old ;)

Still, am surprised no one PM'd askin who it was :lol: :lol: :lol: