Gmail Passwords are Easy to Steal – How to Make a Strong Password

Posted by David on Aug 11, 2009 in Other Stuff, Tips & Techniques |

Think your Google Gmail is safe? Think again!

Yet another flaw in Gmail was recently revealed by security researcher Vicente Aguilera Díaz, who has found previous flaws in Gmail. He found a back door allowing bad guys to repeatedly guess Gmail passwords.

According to his new alert, Google lets anyone with a Gmail account guess another Gmail user’s password 100 times every two hours, or 1,200 times per day.

No “captcha” keeps hackers from guessing passwords and, worst of all, this limit is per account, so if a hacker controls 10 Gmail accounts that’s 12,000 guesses a day; with 100 accounts, 120,000 guesses a day, and so on.

Gmail accounts cost nothing, and it would be easy for a hacker to control a lot more than 100 accounts; I’m sure most control tens of thousands of accounts, if not more.

Then, with a simple software program (a password-cracking bot), it would be very easy to “harvest” the passwords from thousands of Gmail accounts, giving the person complete control over your account and access to all your personal mail and information.

While Google requires the bare minimum for a secure password, 8 characters, it puts no other security measures in place, and you could create extremely weak passwords like “aaaaaaaa” or “password”; a lot of people actually do use those.

Fortunately, there is a simple way for you to protect yourself from this problem.

The solution is using a secure password that is easy for you to remember but hard for someone to guess; I’ll show you how I do it.

I did a quick survey of friends and family and found only two people using a truly secure password, my wife and my mother (and that is because I’ve forced them to do it :-)

They were using the standard “hackers love it” passwords like their pet’s name, children’s names, grandchildren’s names, birthday, or simple words (like “password”; one used “applepie”).

Understand, those types of passwords could be guessed, on average, within about 10,000 guesses.

And since most people use only a few passwords for ALL their accounts, once someone knows your Gmail password they have access to a lot of other things, which they can learn about from the e-mail they can now read; those places probably point them to still other things to access, and on and on.

And if you use the same password for Gmail as say, PayPal, well, I don’t think I need to go on.

Create Easy to Remember Passwords

Why are these passwords created?

Because they are easy to remember.

Lucky you and lucky hackers.

It’s actually easy to create a password you can remember that is very hard to guess or crack.

What is a Strong Password?

A really strong password should “look like” a random string of characters. It should be 14 characters or longer and it should include at least one uppercase letter, one lowercase letter, one number, and one special character (special characters are the other characters on the keyboard, like !@#$%^&*()~’_-+={[}]|\:;<>?/”).

Sounds daunting but read on.

First, that rule applies if you want a really strong password, which you probably only need for your bank accounts, etc.

Second, for a strong, but not rock solid, password you can ease the rules slightly, and many places don’t even let you use special characters in passwords.

Third, there is a simple trick to creating passwords you’ll be able to remember and still follow those rules.

So for a reasonably strong password we always want all these things:

  1. Uppercase letters
  2. Lowercase letters
  3. Numbers
  4. At least 8 characters
  5. Not a real word that would be in a dictionary (hackers use digital dictionaries to guess passwords)
  6. Not anything that is specifically related to you, at least that would be “public knowledge”
  7. It’s also best not to use any letter or number more than once (uppercase and lowercase of the same letter count as two different letters)
  8. Add special characters when possible

As I said, it’s easy to do this even if it sounds hard.

Creating a Strong Password

The key to creating a strong password you can remember but would be difficult to guess is to use a trigger phrase.

By that I mean something that few people know but that you remember very well. Here are some examples:

  • My first kiss was with Jennifer at Burger King in 1989
  • I started Karate in El Paso with Master Yamagito in August 1975
  • The best night of bowling ever was at the Frontier Lanes with Joe

So the first step in a strong password is to find your own trigger phrase. It should be something easy for you to remember but something few people will know.

Now just take one letter from each word. Most people find it easier to just use the first letter which is fine although taking an interior letter is better.

Taking the first letter from each word of the first trigger phrase above we have MfkwwJaBKi1.

Personally, I find using the last two digits of a year easier to remember than the first digit, and it gives more variety, so doing that and removing “duplicates” (the second w) we have MfkwJaBKi89.

MfkwJaBKi89, not likely someone will guess that!

If you wanted, you could stop there because you’ve satisfied the requirements, but for your really secure passwords you should add some special characters; if your bank or other account doesn’t allow them, then you should use a longer trigger phrase.

Just decide on some pattern, every other vowel or every third letter, and use the pattern to substitute special characters.

For example, replacing every odd-numbered vowel would yield MfkwJ!BKi89.

There are two vowels, so I replaced the first one, and I just took the special character above the number one on the keyboard.

If you want to make it stronger just add a few characters from the site name you are entering the password for.

If the above password was for your PayPal account then just make it “payMfkwJ!BKi89”.
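To make the procedure concrete, here is an added example (my code, not from the original post) that carries out the steps above in Python: first letters of each trigger-phrase word, last two digits of a year, duplicate removal, every odd-numbered vowel swapped for “!”, an optional site prefix, and then a check against the rules list from the “What is a Strong Password?” section. The function names and the small built-in word list are my own assumptions; a real dictionary check would load a full word list.

```python
"""Build a password from a trigger phrase and check it against the post's rules."""
import re

# Constructed mini word list standing in for the "digital dictionary" hackers use.
# Assumption: a real check would load a full dictionary file instead.
WORDLIST = {"password", "applepie", "apple", "welcome", "letmein", "qwerty", "jennifer"}

SPECIALS = set("!@#$%^&*()~'_-+={[}]|\\:;<>?/\"")
VOWELS = set("aeiouAEIOU")


def derive_password(phrase, year_last_two=True, dedupe=True):
    """Take the first character of each word in the trigger phrase.

    A four-digit year contributes its last two digits when year_last_two is set
    (the post's preference); otherwise its first digit, like any other word.
    Duplicate characters (case-sensitive, so 'k' and 'K' are distinct) are
    dropped when dedupe is set.
    """
    parts = []
    for word in phrase.split():
        if year_last_two and re.fullmatch(r"\d{4}", word):
            parts.append(word[-2:])
        else:
            parts.append(word[0])
    raw = "".join(parts)
    if not dedupe:
        return raw
    seen, out = set(), []
    for ch in raw:
        if ch not in seen:
            seen.add(ch)
            out.append(ch)
    return "".join(out)


def substitute_vowels(password, symbol="!", every=2, offset=0):
    """Replace vowels following a fixed pattern.

    The post replaces every odd-numbered vowel (1st, 3rd, ...) with the
    character above the 1 key, which is every=2, offset=0, symbol='!'.
    """
    out, n = [], 0
    for ch in password:
        if ch in VOWELS:
            if n % every == offset:
                ch = symbol
            n += 1
        out.append(ch)
    return "".join(out)


def site_prefix(password, site, n=3):
    """Prepend a few characters of the site name, as in 'pay' + ... for PayPal."""
    return site[:n].lower() + password


def check_rules(password):
    """Apply the post's rule list; returns rule name -> passed.

    The 'nothing related to you' rule cannot be checked mechanically and is
    omitted. The dictionary rule strips non-letters first, so 'Password1'
    is still caught as the word 'password'.
    """
    letters = re.sub(r"[^a-z]", "", password.lower())
    in_dictionary = letters in WORDLIST or any(
        w in letters for w in WORDLIST if len(w) >= 4)
    return {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "min_length_8": len(password) >= 8,
        "not_dictionary_word": not in_dictionary,
        "no_repeated_character": len(set(password)) == len(password),
        "has_special": any(c in SPECIALS for c in password),
    }


def is_reasonably_strong(password):
    """Every rule except 'has_special' must pass (specials are 'when possible')."""
    return all(v for k, v in check_rules(password).items() if k != "has_special")


if __name__ == "__main__":
    phrase = "My first kiss was with Jennifer at Burger King in 1989"
    pw = site_prefix(substitute_vowels(derive_password(phrase)), "PayPal")
    for name, ok in check_rules(pw).items():
        print(f"{name:22s} {'ok' if ok else 'FAIL'}")
    print(pw, "->", "strong" if is_reasonably_strong(pw) else "weak")
```

Running it reproduces the post’s own chain (MfkwwJaBKi1, MfkwJaBKi89, MfkwJ!BKi89, payMfkwJ!BKi89) and shows why a checker that only counts character classes is not enough: Password1 has uppercase, lowercase and a digit, yet fails the dictionary and no-repeat rules.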

That’s really all there is to it.

For a few days it may be a bit hard to remember, but just say the trigger phrase in your head and soon your fingers will remember the password even if your brain doesn’t, without saying the phrase.

This will make all your passwords very difficult to break and keep your accounts very secure.

By the way, Microsoft has a password checker, so after you create your password you can check how strong it is; go to http://www.microsoft.com/protect/yourself/password/checker.mspx

Keeping Your Passwords Safe

Now that you have strong passwords it would be foolish to write them down or keep them in an insecure document on your computer. Here are some things to do to help you guard your passwords and your accounts.

Don’t use the same password for all accounts

Even with a strong password, if you use it for all your accounts then if it is cracked you are completely vulnerable.

If you have a lot of accounts then it might become hard to have enough trigger phrases and to remember which phrase went with which account, but you can do one of two things.

First, you can create account buckets.

By that I mean create 3-5 different passwords and use those for all your accounts, essentially putting each account into one of the account buckets that has a password associated with it.

Sometimes you may not remember what a password is but you only have a limited number of choices, all secure, to try; this balances convenience and security.

Secondly, read the next section!

Use Password Managers

There are programs that will help you manage your passwords and keep them secure.

The primary advantage in this case is that you can create as many very secure passwords as you want and the software will keep track of them and, with the best software, automatically fill in the information for you.

The most popular of these, at least with Internet Marketers, is RoboForm.

It lets you securely save user names, passwords, addresses and even credit card numbers and will insert them into the right place on each Web site.

The primary negative is that it is completely Web focused, so it can’t help you with your other passwords (like the Word documents and Excel spreadsheets I password protect).

A nice benefit is that there is a version called RoboForm2Go that lets you run it from a USB “stick” or “drive” so you can take it and use it anywhere. It doesn’t leave any trace of your passwords on the other computers.

There is a free version but it is somewhat limited so I’d recommend the $30 paid Pro version. Go here to download it.

If you want a free, open source password manager with even more features check out KeePass Password Safe and if you want one that does more than Web sites try Access Manager 2.

Change Passwords Periodically

Yes, unfortunately, changing passwords is a great way to thwart hackers even if they do get your passwords.

Change them about every 6 months; most of the Password Managers can also remind you when it is time to change your password.

Beware of Wireless Access

If you travel or just access your accounts from Starbucks, then unless the site uses secure communications (that is, its address starts with https:// instead of just http://) don’t type in your user name and password. It would be quite easy for a hacker to get what you typed in.

Conclusion

Google’s Gmail has some significant flaws that will let people steal your password.

Using strong passwords will protect you from this and other similar flaws in Web sites and software, making your accounts and information much better protected.

Creating and remembering strong passwords isn’t that hard: just use a trigger phrase and build your password from it.

Just remember that a password should be as long as possible but no shorter than 8 characters, always contain letters (both uppercase and lowercase) and numbers and, when possible, special characters.

Protect your strong password by:

  • Not using the same password for all accounts
  • Using password managers
  • Changing passwords periodically
  • Being cautious of wireless access

The importance of this can’t be overemphasized because of the danger of identity theft and financial ruin.

Make strong passwords even though it can be a slight inconvenience at first.

Please leave me a comment about your thoughts.

Talk soon,

David Husnian

The “Shameless” (but “Ethical”) Marketer
http://www.Twitter.com/DavidHusnian
http://www.8-8-8Sale.com
http://www.MusicForInternetMarketers.com
http://www.SecretsOfGoogleAdwords.com
http://www.MadMondaySale.com
http://www.2ForTuesdaySale.com



7 Comments

Anonymous
Aug 11, 2009 at 3:24 pm

[...] Charlie News Flash – Gmail Passwords can Be Stolen – How to Make a Strong Password Posted by David Husnain – Update by [...]


 
Guillermo E. Gonzalez
Aug 11, 2009 at 6:28 pm

David:
As always a very good article. As a professional Computer Repair Technician, I teach all of my clients how to create strong passwords. You are right in suggesting Roboform. I use the Pro version and with their new feature that you can store your passwords on their secure website and access them from anywhere, it is a lot more convenient to use. You just upload all of your passwords to their site, and then you can connect to them and use your passwords on another computer as if you were at your local machine.

Again, Great Info,

Guillermo Gonzalez


 

[...] the original: Gmail Passwords are Easy to Steal – How to Make a Strong Password [...]


 
David
Aug 11, 2009 at 7:59 pm

Guillermo,

I didn’t know about that new RoboForm, thanks for letting me and everyone know.

Any other tips on creating strong passwords?

Thanks for the kind words, they’re appreciated.

David


 
David
Aug 12, 2009 at 7:00 pm

Hi,

I just found this site, make sure you aren’t using any of the passwords on this list!

http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time

David


 
David
Aug 13, 2009 at 5:36 pm

Another update…

One way to check if your Gmail has been hacked is to look at your activity log.

At the bottom of the page you should see a “Last account activity:…” and a link.

Click the link and you should see your activity log.

If you see some different IP addresses or activity when you know you weren’t using Gmail then you’ve probably been hacked as explained above.

Reset your password immediately, use a strong password, and you should notify Google.

On another note, if you use the Microsoft password checker please still follow the rules about not using any word in the dictionary.

It is good at telling strength but it is far from perfect, and very simple passwords can be rated strong when they aren’t; try, for example, Password1.

The password checker should be one tool to help, but when creating passwords use common sense and base them on a trigger word as explained above.

David


 
LEE
Aug 15, 2009 at 4:21 pm

Thanks a lot for the info. Your suggestions really got me thinking. Thanks.


 


Copyright © 2010 From The Desk of David All rights reserved. Theme by Laptop Geek.