Wednesday, May 13, 2009

The importance of a good password (especially for your email account)


Imagine if some key/lock maker only made a few different keys - square, circular, and triangular. These locks would not provide good security at all - Mr. Stranger could easily try each possible shape and then get into your house, car, etc.

It's the same with passwords. Is your password easily guessable? Is it "password123"? If I tried every word in the dictionary, would I hit it? Is it your username (or some permutation of it)? Your username + your birth year? If your password fits one of these shapes, Mr. Stranger will eventually guess it; the only question is how many tries it takes, and he does not have to type them by hand.
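To make "each possible shape" concrete, here is a small Python checker added as an example (it is not code from the original post). It does two things: `why_guessable` reports which of the patterns named above a password matches (dictionary word, possibly in leet-speak or with a common suffix; username or its reverse; username followed by digits; ending in the birth year), and `attacker_guesses` builds the ordered list a guesser who knows your username and birth year would try, so `guesses_needed` tells you at which try Mr. Stranger gets in. The seven-word dictionary, the suffix list, and the sample user "alice" born in 1985 are constructed for illustration; a real cracking wordlist holds millions of entries.

```python
import re

# Constructed stand-in for a real cracking wordlist (assumption: a handful of
# entries is enough to show the mechanism; real lists hold millions).
DICTIONARY = ["password", "welcome", "letmein", "dragon", "monkey", "football", "sunshine"]

# Suffixes people bolt onto a word to make it "unique"; guessers try these first.
COMMON_SUFFIXES = ["", "1", "12", "123", "1234", "!", "1!"]

# Forward "leet" substitutions and their inverse, so p@ssw0rd is treated as password.
LEET = str.maketrans("aoesi", "@03$1")
UNLEET = str.maketrans("@03$1", "aoesi")


def base_words(password):
    """Candidate base words hidden in a password: lowercase it, undo leet
    substitutions, and also try it with any trailing digit/symbol run removed
    ('P@ssw0rd123' yields 'password')."""
    lower = password.lower()
    stripped = re.sub(r"[\W\d_]+$", "", lower)
    return {lower.translate(UNLEET), stripped.translate(UNLEET)}


def why_guessable(password, username, birth_year):
    """Return the patterns from the post that this password matches. An empty
    list only means these cheap guesses miss it, not that it is strong."""
    reasons = []
    lower, user, year = password.lower(), username.lower(), str(birth_year)
    bases = base_words(password)
    if bases & set(DICTIONARY):
        reasons.append("dictionary word, possibly with leet substitutions or a common suffix")
    if user in bases or user[::-1] in bases:
        reasons.append("username or its reverse")
    if lower.startswith(user) and lower[len(user):].isdigit():
        reasons.append("username followed by digits")
    if lower.endswith(year):
        reasons.append("ends with birth year")
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    return reasons


def attacker_guesses(username, birth_year, dictionary=DICTIONARY):
    """The ordered list a guesser who knows the victim's username and birth
    year would try, cheapest shapes first: the username and its reverse, then
    dictionary words, each plain, Capitalized and in leet-speak, each with the
    common suffixes and the birth year appended."""
    user = username.lower()
    words = [user, user[::-1]] + list(dictionary)
    suffixes = COMMON_SUFFIXES + [str(birth_year), str(birth_year)[-2:]]
    guesses = []
    for word in words:
        for variant in (word, word.capitalize(), word.translate(LEET)):
            for suffix in suffixes:
                guesses.append(variant + suffix)
    return list(dict.fromkeys(guesses))  # keep order, drop any duplicates


def guesses_needed(password, username, birth_year):
    """1-based position of the password in the attacker's list (the try on
    which Mr. Stranger gets in), or None if this list never finds it."""
    guesses = attacker_guesses(username, birth_year)
    return guesses.index(password) + 1 if password in guesses else None


if __name__ == "__main__":
    # Sample user and candidate passwords, constructed for the demo.
    user, year = "alice", 1985
    for pw in ["alice1985", "password123", "P@ssw0rd123", "Xq7!mR2#vLp9"]:
        print(f"{pw:14} tries={guesses_needed(pw, user, year)!s:5} "
              f"reasons={why_guessable(pw, user, year)}")
```

Note the two sides disagree on "P@ssw0rd123": the attacker's fixed variant list never generates that exact spelling, yet the checker still flags it as a dictionary word, because a real wordlist applies many more mangling rules than this toy one. Treat an empty reason list as "not caught by these cheap guesses", nothing more.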

Let's see what Mr. Stranger could do if he guessed the password to your main email account:
Obviously, he would be able to read ALL of your email. If it contains any confidential information, such as other passwords, credit card numbers, or your social security number (none of which you should be keeping in your mailbox anyway), Mr. Stranger can see it too.

He might be able to see where, when, and with whom you are having dinner this weekend. A lot of personal information (how much email do you have stored?) could be extracted.
He would also have access to your contact list and all of their email addresses (perhaps he'll make a copy for himself and sell the list to someone). He could send mail to them from your account without you ever knowing. (Hopefully he says something nice.)
If you use Gmail, your Gmail password is your Google account password, so it also unlocks every other Google application you use: Mr. Stranger could see all your calendar events, read your Google Docs, make changes, etc.
If you use the same password for any other sites, Mr. Stranger now knows the password to those accounts as well and can simply try it.

Even if you use a different password for every other site, many of those accounts are still linked to your email address through their password recovery mechanism. If you forget your password on Facebook, Xanga, Amazon, etc., you ask them to email you a temporary password or a reset link. Whoever controls your inbox can make that same request, follow the link, set a new password, and log in as you; your email account is effectively the master key to every account that recovers through it.

Once Mr. Stranger gets into Xanga, he could read your private entries or your friends' entries, and write, edit or delete any of your entries. He could do some pretty mean things.
If Mr. Stranger gets into Facebook, he would be able to see all your friends and their info (telephone numbers, addresses, pictures...), send them all messages (hopefully nothing mean or misleading), post pictures, delete things, etc. Just imagine the possibilities.
If Mr. Stranger logs into your Amazon account, and you have your credit card information stored and linked to that account, he could order some items and have them delivered. (Luckily Amazon limits the use of saved credit card data to addresses you have used before.) He could delete the order confirmation emails, or change the email address on the account, so that you notice the purchases later rather than sooner.
If Mr. Stranger can find your social security number, account numbers, or other such information stored somewhere in your email, he might also be able to use it to log into your online bank account (he knows which banks you use because he scanned your inbox) and do some damage there.

Pretty scary huh? (I don't mean to scare you, just showing you what's possible.)
Hopefully you don't have a square-shaped password.
