Over the weekend we got an email into our account offering cheap meds; nothing new there, as they regularly seem to get through the net these days. The problem is it came from our own personal Hotmail account. Clearly the account had been hacked, so after trying to log in and finding that we’d been blocked out, we went through the second-level protection and reset the account details to regain control of our own account.
Whilst this tale may sound familiar, the real issue here is that the account was compromised in the first place. The password we were using on this particular account was thirteen characters long and exclusive to this account. It comprised a combination of letters, numbers, characters and capitals; in fact, everything that you are recommended to do to ensure that you have a really secure password.
To guess this password the hackers would have to work through 81 raised to the power of 13, which means 6,461,081,889,226,673,298,932,241 combinations. This seems unlikely in the extreme, which means that there are three other options available: the hackers installed a key logger on our computer to gain access by tracking keystrokes, they managed to guess the password recovery questions on Hotmail and change the password, or there has been a security breach somewhere.
The account is only ever accessed from one machine and a quick check shows that this is still secure. There was no email to say that the password had been changed, so that leaves just a security breach. Now it is entirely possible that we’ve been neglectful and someone has managed to find out our password as we have accidentally left it on view, but having never accessed this account on a public computer using this password, and having never written it down or shared it with anyone, this seems unlikely. It’s not even stored in the computer browser for quick log in. This leads us to believe that either Hotmail has perhaps been compromised or hacking has now been elevated to a new level.
This kind of hack is not unusual, and a quick search of your friends on Facebook will show you how many of them have had their accounts broken into in recent weeks and months. Either every one of us has been negligent in our password creation and security, or there is a new way to unlock people’s accounts, even when the passwords are impossibly long. Given that it is unlikely that so many people have been so remiss, and we know we haven’t, perhaps the time has come to get rid of human-generated password protection and move to machine-generated encrypted passwords. It’s not as if there’s a shortage of these around, and if it means that hackers can no longer hijack your account, maybe this is the future?
As processing power becomes easier to access and machines become more sophisticated, maybe we have arrived at the point where a password simply isn’t enough any more.
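The keyspace arithmetic from the third paragraph and the machine-generated password idea from the fifth, worked through as an added example that is not part of the original post. The 81-symbol set and the guess rates are assumptions chosen for illustration; the post names neither.

```python
import math
import secrets
import string

# Assumption: the post does not list its 81 symbols. This set is constructed to
# match that size: 26 lower + 26 upper + 10 digits + 19 punctuation marks.
SYMBOLS = "!#$%&()*+-./:;=?@[]"
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits + SYMBOLS
assert len(ALPHABET) == 81

# Assumed guess rates (illustrative, not measurements from the post).
ASSUMED_RATES = {
    "throttled online login (10/s)": 10,
    "offline cracking of a leaked hash (1e10/s)": 1e10,
    "offline cracking, larger rig (1e12/s)": 1e12,
}

def keyspace(alphabet_size, length):
    """Number of distinct passwords of this length over this alphabet."""
    return alphabet_size ** length

def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def years_to_search_half(space, guesses_per_second):
    """Average brute-force time: a random password is found after half the space."""
    return (space // 2) / guesses_per_second / (365.25 * 24 * 3600)

def generate_password(length=13):
    """Machine-generated password from the OS CSPRNG, one of each class guaranteed.

    Rejecting candidates that miss a class removes a small share of the
    81**13 space, so the figures above are a slight overestimate for it.
    """
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate

if __name__ == "__main__":
    space = keyspace(len(ALPHABET), 13)
    print(f"{space:,} combinations, {entropy_bits(len(ALPHABET), 13):.1f} bits")
    for label, rate in ASSUMED_RATES.items():
        print(f"{label}: {years_to_search_half(space, rate):.3g} years on average")
    print("sample machine-generated password:", generate_password())
```

Even at the fastest assumed rate the average search runs to roughly a hundred thousand years, which is why the post's remaining explanations (key logger, recovery questions, breach) do not depend on password length at all.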