A number of high-profile on-line mail services were hit with a phishing scheme which resulted in thousands of account details being posted on-line over the weekend. Hotmail seems to have been hit the hardest, but both Gmail and Yahoo were also targeted. There are two serious issues here:
- many people are still using on-line/3rd party email services to conduct day-to-day critical email communications – there are a number of problems with doing so, from service availability to security, yet many still persist.
- password quality remains the single biggest issue with account security – with most people choosing simple passwords, these accounts can be easily accessed through brute-force password hacking.
Most people are still choosing passwords not for strength but for memorability. The problem is that anything that is obvious and easily remembered by someone is likely to be easily hacked. And the problem is not just an on-line service account issue – it extends to ATM cards, banking passwords and other crucial personal interactions. A recent study found that many people were using their birth date as their ATM card password – very dangerous.
The conclusion here is obvious: don’t use on-line email services for critical email communications; if you must, then make sure your password is of very high quality. Take responsibility for your security!!!