Komputer Klinic: Keep your e-mail safe from hackers

What would you lose if your e-mail were hacked? Your personal messages and contacts would be compromised. And your messages could include personal photos or financial details.

Recently, vice presidential candidate Sarah Palin’s e-mail account was hacked. The contents were posted on the Internet for the world to see.

Apparently a complete stranger did the hacking. That’s how easy it is to hack an e-mail account. Let this be a lesson.

THE PROBLEM WITH WEBMAIL

With Webmail, your user ID is generally a part of your e-mail address. Anyone who receives an e-mail from you knows your user ID. An investigation into Palin’s e-mail usage made her address public knowledge. So the hacker only needed her password.

Did the hacker guess her password? No. The hacker created a new one using Yahoo’s password reset feature. It’s actually pretty easy to do.

To reset the password, the hacker answered a security question. That, too, was gleaned from public information.

DEALING WITH PASSWORD RESET

Your personal information may not be on the Web. But you could still be hacked. Odds are, you specified a security question and answer when you created your account.

Friends and family probably know the answer to the question. Or it could be found with a Google search.

The password reset is critical. If you answer it truthfully when setting up your account, you’re at risk. So don’t. Use a nonsensical answer that only you know.

For example, select “What is your father’s middle name.” Answer it my@name@is@kim. Or, use “my+dog’s+name+is+Boo-Boo.”

It is unlikely that a hacker could supply the correct response. The system doesn’t care that your response makes no sense.

PROTECTING EXISTING ACCOUNTS

You probably want to keep your existing e-mail account. You probably also supplied correct information when you created it.

Depending on your provider, you can change the answers to your security questions. Yahoo users are out of luck. But Hotmail and Gmail users aren’t.

In Hotmail, click your account name and select “View your account.” Under Password reset information, click Change beside Question. Change your security question and answer.

Gmail is more difficult to hack. Your account must be inactive for five days before you can reset the password. You can also select your own security question.

Click Settings and open the Accounts tab. Select “Google Account settings.” Click “Change security question.” Alter your security question and response.

USE A STRONG PASSWORD

You still need a strong password. Your password may be easier to guess than you think. Your dog’s name or phone number are easily guessed.

Maybe you thought about this and picked a random word instead. Careful! Hackers can crack it easily with a dictionary attack. Software tries every word in the dictionary as the password.

You need to use a complex password containing both letters and numbers. If your provider allows it, add a symbol. Use at least eight characters.

I recommend creating a sentence that is easy to remember. For example, “My daughter was born in 2005” is relatively simple.

Take the first letter from each word and keep the year. You get “mdwbi2005.” It’s easily remembered, but difficult to guess.

REMEMBERING YOUR PASSWORDS

You’ll have trouble if you forget your password. But don’t write it on a slip of paper. This defeats the purpose of securing your account. Co-workers or family members could find the paper.

Instead, use a password-management program like KeePass or LastPass. Your passwords are encrypted; a master password opens the database.

Or, try Pageonce. It is a Web-based password-management tool. You’ll find links to these tools at www.komando.com/news.

You should also change your password regularly. And clean out your browser’s saved data regularly. This includes the cache, saved forms, cookies and passwords.

Finally, don’t check “Remember Me” on the sign-in page. That’s an open invitation to snoop. Sign out from your account once you’ve read your e-mail.