Password comic strip

Image credit: Flickr/fixedgear

It’s a good idea to check your spam/junk email folder periodically. I usually do it once a day. Most of the time the messages in my junk folder are just that—junk. But occasionally, something important winds up in the spam folder. Usually it’s because the sender forgot to include a subject line, or the body of the email has no content except for a hyperlink (you do know that you should NEVER click on such a link, right?). The latter was the case this morning, when I discovered an email from one of my kids’ teachers in my spam folder; only in this case, the email was actually spam. Apparently, the sender’s email account was hijacked and used to spam everybody in their contacts list. It happens every once in a while that I get spam from someone I actually know, and I find it more and more puzzling each time it does.

Pro tip: choosing “password” as your online password is not a good idea. In fact, unless you’re hoping to be an easy target for hackers, it’s the worst password you can possibly choose.

The reason I find it puzzling is that in spite of all the news of online security breaches, and the heightened awareness and frequent reminders to use strong passwords for your email and online accounts, people are still using passwords that are easily hackable. It’s true, I have no idea what the password was to the email account that spammed me this morning, but based on the fact that it’s an AOL mail account, and stories like this, I have a pretty good hunch that it was fewer than 10 characters, and probably could be found in any dictionary. That’s because research shows that the most popular password last year was ‘123456.’ Make no mistake, the purpose of this blog isn’t to provide handy consumer electronics tips, but when I get spam from people who are both highly educated and oftentimes business owners, I feel compelled to write a post like this, in hopes that whoever reads it will appreciate the message because it’s coming from an attorney.

A good password is like Chinese arithmetic: it’s unrecognizable, not found in the dictionary, long, and contains letters, numbers, and symbols.

Although it should go without saying, my firm’s retainer agreements now contain a clause about password strength and security. Because most of my clients are fairly tech savvy, I don’t get many questions about this clause, but when I do, I usually send them a link to this blog post written by Jeff Shiner, CEO of a software company that has made one of the top-ranked password protection applications for more than five years. Even though the article is almost three years old, the information is still just as relevant as it was when it was written. At the very least, it serves as a starting point for taking control of your online data. Recently, I read a great guide to secure passwords written by data security guru Bruce Schneier. Even if you think you have a good password already, it’s worth checking out.