why and how? by anonymous
Thu Jul 15 23:06:14 CDT 2004
Tips and tools
Password pitfalls
"Avoid the obvious," says Corey Schou, a professor at
Idaho State University and a security expert who audits
businesses and government agencies for network
vulnerability. Passwords such as someone's name, your
birth date, or a word from the dictionary may be easy to
remember, but they're also very easy to break.
"A computer is only as secure as its password," Schou
says. "Don't be lazy."
Hackers have tools that can crack a six-character password
in less than 15 minutes, he says.
Each password should combine uppercase and lowercase
characters, and include a digit or two. Finally, your
password should be at least 6 characters long, although
the most secure passwords are 13 or more.
Don't be redundant
Another popular mistake is using the same password for
different purposes. If you use the same password for
logging on to America Online, using the office network,
and accessing your e-mail account, one security breach
leaves your entire password-protected life vulnerable.
Rate your privacy needs
Face it, some programs and Web sites are about as
important to password-protect as your trash. There is a
big difference between someone surfing The New York Times'
Web site under your account name and someone sending your
boss hate e-mail using your e-mail account.
Rate the level of security for different applications and
Web sites. Then create a sliding security scale for the
passwords you want.
For your eyes only
You wouldn't leave your driver's license on the front
steps to your home, or post your Social Security number at
the corner store. So, why would you keep your passwords in
easy view?
Password-covered Post-it Notes litter office monitors
everywhere, Schou says. And even more hide underneath
keyboards. Typically, as soon as the network administrator
changes the password, the yellow stickies get updated.
This is a computer network manager's nightmare. If you
must use a cheat sheet, keep it where others can't see it,
like in your wallet or purse.
Buried treasure
You can "bury" your cheat sheet even deeper. Try keeping
passwords in address books, encoded as bogus phone numbers
or names. If your work password is billa3432, list a
fictitious work pal as Bill Avery 555-3432, or write your
boss's address down as 3432 Bill Ave.
Do it yourself
There's still hope if you should happen to lose your
wallet and your memory. You can store Web site passwords
inside your Netscape Bookmarks.
In Netscape 3.0 and higher you can easily stash passwords
in the bookmark's Description field. First go to Edit
Bookmarks, and right-click the bookmark for which you want
to hide your password. Next select Bookmark Properties. In
the Description box, enter your user name and password or
a password hint.
Reading between the words
Schou suggests selecting a cryptic password by choosing a
series drawn from the first letters of the words in a line
from a poem or song. For example, "She'll Be Coming Around
the Mountain" yields sbcatm.
Beware of password pirates
Don't give your password to anyone, no matter who asks for
it. No matter how many times AOL warns its members about
giving out their passwords, scammers posing as AOL
employees still manage to trick people.
Still other password buccaneers have written JavaScript
programs devised to make a bogus error message appear on
your screen: "You have been disconnected from the computer
you dialed. Please reenter sign-on information to
reconnect."
Once you click OK, another window appears that looks
nearly identical to the Windows 95 and 98 dial-up window
that's used to launch a connection to an Internet service
provider. Once you fill in the information, the program
could e-mail it to someone else.
Personal password algorithm
Create a formula for devising all your passwords. Schou
suggests picking significant dates and wrapping them into
acronyms that symbolize the event.
An example for picking a password for work might be
choosing your first day on the job. By taking the month,
event, year, and day of the week you might end up with
10fdw92mon as a password. The 10 stands for the month of
the year, October; fdw is short for "first day of work";
92 represents the year; and mon means Monday.
Hired gun
You might also consider storing your passwords in a list
and encrypting them using a program such as Symantec's
Norton For Your Eyes Only. Numerous password utilities are
commercially available. One such freeware program is
Password Pal by Dotted Decimal Software.
Password Pal places keys on your toolbar that you click to
access your passwords and log-on names. Click on the key,
and up pops a box with all your passwords and log-in
names. But, of course, the key itself is password-
protected.
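
An added example, not part of the original post: a small checker for the composition rules listed under "Password pitfalls" (mixed case, a digit, at least 6 characters, no dictionary word or name), run over the sample passwords the post itself uses. The function names, the tiny word list and the 13-character password are constructed for illustration.

```python
import math
import string

# Constructed sample list (assumption): a real check would load a full
# dictionary and add the user's own name and birth date.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "corey"}
MIN_LENGTH = 6  # the minimum length given in the post


def alphabet_size(pw):
    """Size of the character pool an exhaustive search would have to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size


def check_password(pw):
    """Return (rule violations, upper bound on search space in bits)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 6 characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if pw.lower() in COMMON_WORDS:
        problems.append("dictionary word or name")
    size = alphabet_size(pw)
    # length * log2(pool) is a ceiling: a predictable pattern is weaker.
    bits = len(pw) * math.log2(size) if size else 0.0
    return problems, round(bits, 1)


if __name__ == "__main__":
    # Three passwords from the post, then one constructed 13-character one.
    for pw in ["sbcatm", "billa3432", "10fdw92mon", "Sbc8atM2wSc4x"]:
        problems, bits = check_password(pw)
        print(f"{pw:15} {bits:5} bits  {problems or 'meets the rules'}")
```

Run as a script, it reports that the post's own sample passwords miss the mixed-case rule (and sbcatm also the digit rule), while the 13-character mixed password passes with a much larger search space.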