The secret to hack-proofing your email

Dear Larry,

My AOL account was recently hacked and junk mail was sent to everyone in my address book. What causes this and how can I prevent it from happening in the future? —M.D.


Dear M.D.,

Assuming your computer isn’t infected with any sort of virus or malware, then chances are someone with a computer got hold of your email address and then used a computer to rifle through millions and millions of passwords until it hit upon the correct one.

Most of these hacks are completely automated. The computer in question harvests email addresses from the Internet and then tries to guess each email address’s password. If it’s taking too long for the computer to guess, it moves on to the next. In the event it does guess the correct password, it logs in, steals the online address book, then sends out spam directly from your email address, making it even more likely your friends will open the junk mail and do something silly like click a link, or even worse, buy something.

Furthermore, if the hacking software is ambitious, it might start targeting other accounts you own to see if you used the same password.

The secret to preventing this is simple. You need to set passwords for your accounts that are “unhackable.” This means setting a password of sufficient length (eight or more characters) and using a combination of uppercase characters, lowercase characters, numbers and punctuation so that an automated computer program couldn’t possibly stumble on the correct password.

For example, it would take a computer around 184 years to guess this password: gueSS-m8y-pW. On the other hand, if your password was mary010125, a computer could crack that in about one-tenth of a second.

If you altered that password to read mARy&01!01!25, it would then take 49 years for that same computer to hack your password. Add one more punctuation mark — like mARy&-01!01!25 — and suddenly it would take 1,591 years to crack it.

So you’ve come up with what you think is a decent password. What next? Well, Intel has set up a free website where you may type in something similar to this password to verify how strong it is. Go to, type in a sample password (don’t use your real password), and click “Grade My Password.”

If the result is 100 or more years to crack the password, then you’d be safe to use something similar to that password. (Since Intel also owns McAfee, you’ll see plenty of McAfee ads on the site so just ignore them.)

Once you’ve come up with a reasonably good password, you can modify it slightly for different accounts. For example, take “mY-Pa3&&3Word” (2,273 years) and make it “mY-Pa3&&3Word-fb” for your Facebook account, “mY-Pa3&&3Word-ba” for your Bank of America account, “mY-Pa3&&3Word-gm” for your Gmail account, and so forth. Incidentally, each of these modified passwords would take 49,178,971 years to guess!

This is Larry Schneider, logging off.
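
The column's point that length and character variety drive guessing time, and that a name plus a date falls almost instantly, can be worked through in a short script. This is an added example, not part of the original column and not how Intel's grader works; the guess rate and word-list size are assumptions, so the results will not match the figures quoted above.

```python
import re
import string

GUESSES_PER_SECOND = 1e10      # assumption: guess rate, not a figure from the column
WORDLIST_SIZE = 100_000        # assumption: size of a name/word list used for guessing
SECONDS_PER_YEAR = 365.25 * 24 * 3600

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Size of the alphabet implied by the character classes actually used."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def brute_force_keyspace(password):
    """Candidates a blind search must cover: alphabet size ** length."""
    return charset_size(password) ** len(password)


def pattern_keyspace(password):
    """Keyspace if the password is just a lowercase word plus six digits.

    Returns None when the password does not fit that shape.
    """
    if re.fullmatch(r"[a-z]+\d{6}", password):
        return WORDLIST_SIZE * 10 ** 6
    return None


def effective_keyspace(password):
    """The smaller of the blind-search and pattern-based keyspaces."""
    pattern = pattern_keyspace(password)
    brute = brute_force_keyspace(password)
    return brute if pattern is None else min(brute, pattern)


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every candidate at the assumed rate."""
    return effective_keyspace(password) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Sample passwords are the ones quoted in the column.
    for pw in ("mary010125", "mARy&01!01!25", "mARy&-01!01!25", "gueSS-m8y-pW"):
        print(f"{pw:16} alphabet={charset_size(pw):3} years={years_to_exhaust(pw):.3g}")
```

Each extra character multiplies the blind-search keyspace by the alphabet size, while a word-plus-date password is limited by the size of the word list rather than by its length.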


Larry Schneider is the owner of Accent on Computers, a Greenwich-based consulting firm, now in its 15th year of business, catering to individuals, businesses and professional offices. PC and Mac services include computer setup, training, troubleshooting, virus resolution, networking, Internet, database and programming. Call 625-7575, visit, or send e-mail to [email protected]

© Hersam Acorn. All rights reserved. The Greenwich Post, 10 Corbin Drive, Floor 3, Darien, CT 06820
