Bad passwords everywhere
30 December 2007
A couple of months ago, I came across a Wired News article describing how a hacker stole information from TorrentSpy, a popular file sharing website.
TorrentSpy’s owners are probably bright and computer savvy, and I suspect they take several measures to keep their servers secure. So how did Robert Anderson, a hacker turned MPAA informant, manage to gain access to their critical information?
The hacker, then 23 and living in Vancouver, British Columbia, claims he had cracked TorrentSpy’s servers by simply guessing an administrative password. He knew the password was weak — a combination of a name and some numbers.
“I just kept changing the numbers until it fit,” he says. “I guess you can call it luck. It took a little more than 30 tries [my bold].”
It’s unlikely that you have much to hide from the courts, but you have important email and bank accounts that you should keep secure with a strong password. Using strong passwords is one of the easiest and most effective means of staying secure on the net. I’ve explained before how to make great passwords.
Read more about passwords