A group blog on regional web trends by the Knoxville News Sentinel web staff

A few weeks ago, our own Erin Chapin wrote a great column about our online identity — Does your digital image reflect who you are? It was a great read, which raised some important points about how we represent ourselves through our Internet and social media activity.

Today, I want to talk about something that sounds similar but is a completely separate issue: our social media identities.

When I got into work today, a coworker told me about something that had happened to him on Twitter. Sometime in the last 24 hours, his account was hacked.

But the hacker’s purpose wasn’t to spam his friends and followers — it was actually much worse. His Twitter handle, which he’s had since 2007, was stolen from him.

Mark McIntyre, a software engineer for EW Scripps who works out of the News Sentinel building, is a victim of social-media identity theft, which, until today, was something I'd never even considered.

Long story short, Mark tried logging in to his Twitter account this morning, but his username/password combination wouldn’t work. After requesting a password reset email, he discovered his handle had been changed.

For years, he’s operated under the @mock username on the site, but a hacker apparently forced his way into the account, changed the handle to @mockockocklol and then stole the @mock handle for his own account.

Mark, justifiably frustrated by this, reached out to the Twitter support team for help. He was told to open a help ticket, which he did. Now he waits to see if anything can be done to restore the @mock username to its rightful owner.

But there is a lesson to be learned. Always choose a strong password. Mark admits his password was a weak one, which made him a much easier target for the hacker.

So, with that in mind, I thought it would be helpful to point out some of the most common passwords used so you know what to avoid.

  • password: Does it get any more obvious than this?
  • 123456: This, or any chain of numbers, makes your accounts quite vulnerable.
  • qwerty: Same as with numbers. Any string of letters makes your accounts just as vulnerable.
  • your name — or your child’s or pet’s name — with a 0 or 1 after it
  • letmein: Pretty straightforward, I guess
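
The patterns in the list above, written as a check a site could run when someone picks a password. This is an added example, not part of the original post; the function names, the QWERTY keyboard rows and the sample names are assumptions, and it goes slightly beyond the list by also catching a name with no digit or with two digits after it.

```python
import re

# The literal passwords named in the list above.
COMMON = {"password", "123456", "qwerty", "letmein"}
# Digit row and letter rows of a keyboard (assumption: US QWERTY layout).
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def is_run(pw, sequences):
    """True if the whole password is one forward or backward slice of a sequence."""
    return len(pw) >= 4 and any(pw in s or pw in s[::-1] for s in sequences)


def weak_reasons(password, personal_names=()):
    """Return every weak pattern from the list that the password matches.

    personal_names: the user's own, child's or pet's names, supplied by the
    caller (for example from the account profile).
    """
    pw = password.lower()
    reasons = []
    if pw in COMMON:
        reasons.append("common password")
    if pw.isdigit():
        reasons.append("digits only")
    if is_run(pw, KEY_ROWS + (ALPHABET,)):
        reasons.append("keyboard or alphabet run")
    # A name on its own or with a short digit suffix ("rex", "rex1", "Mark01").
    m = re.fullmatch(r"([a-z]+)\d{0,2}", pw)
    if m and m.group(1) in {n.lower() for n in personal_names}:
        reasons.append("personal name, optionally with digits")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs; "Rex" stands in for a pet's name.
    for candidate in ("password", "123456", "asdfgh", "Rex1", "Tr4velling-Pian0!"):
        print(candidate, "->", weak_reasons(candidate, ["Rex"]) or "no listed pattern")
```

An empty result only means the password avoids the patterns listed here, not that it is strong.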

Lifehacker has a really great article about this topic: How I’d Hack Your Weak Password. It goes into great detail about common pitfalls; how to strengthen your password; and how, exactly, a hacker goes about breaking into accounts. Some of it is a bit over my head, but it does help deepen my understanding about this.

It also offers some helpful tips you can employ to make it harder for hackers to hijack your accounts.

  • Substitute numbers for similar-looking letters, e.g. the number 0 for the letter O.
  • Utilize special characters, like @ # $ % ^ & *
  • Insert capital letters at random points in your password
  • Avoid using a person’s name. Every name plus every word in the dictionary will fail under a simple brute force attack.
  • Use different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.

I know many people use the same usernames and passwords over and over because it’s not always easy to remember everything. But here are some resources that can help. Roboform — for Windows users — will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. For Mac users, 1Password does the same, and it even has an iPhone application so you can take them with you.

Curious if you have a strong password? Want to test out different versions to see how to improve yours? Microsoft has a password strength tester and a guide to creating a strong password.
