How to Make up a Username & Password

Have you heard of "dictionary hack" programs?

DH programs mean that anybody, not just hackers, can try to guess username/password combinations to get into online paysites, eBay accounts, PayPal accounts, bank accounts, email accounts, etc.

The DH program starts with huge lists of possible usernames.  The list is compiled from phone book entries, dictionaries, nicknames used in forums, email addresses found on websites, email addresses on spam lists, etc.  If your email address has EVER received a single piece of spam, then your email nickname is probably on a DH list.  Suppose your email address is johndoe1@yahoo.com.  The DH program takes "johndoe1", goes to websites and tries guessing various passwords with it, to see if it works.  If you've used the nickname "johndoe" online, the DH program will also try that nick with various numbers, "johndoe2", "johndoe33" etc.

For guessing passwords, DH programs try popular types of passwords, plus other words: last names culled from phone book listings, first names from baby name lists, the word "password", words related to each website (for this site, words like "bondage" or "lorelei"), etc.

Most websites, mine included, will lock out a computer if it seems to be trying to "guess" its way in instead of being a real member who knows their password on the first login.  However, after being locked out, a DH program knows to reset its computer to a new IP address, and it returns to the site to try a few new guesses.  There is no way to prevent this cycle without winding up locking out legitimate members too.

So, don't pick a username or password that's easy.

The username and password should both have letters AND numbers in them.  But don't do it the typical way (letters followed by numbers).

Mixing lowercase with uppercase letters helps.

Don't use names or online nicknames.

Don't use the first part of your email address as your username.

Don't pick a username/password that you've used at freesites, because those sites might have leaked them.

Finally, select letters and numbers -- not underlines, asterisks, hyphens or dashes.
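
The rules above can be checked mechanically. The following is an added example, not part of the original page: the function name, the rule labels and the sample values are assumptions made for illustration.

```python
import re

def check_credential(value, email=None, nicknames=(), used_elsewhere=()):
    """Return the checklist rules that `value` breaks (empty list = passes)."""
    problems = []

    # Rule: letters and numbers only (no underlines, asterisks, hyphens, dashes).
    if not re.fullmatch(r"[A-Za-z0-9]+", value):
        problems.append("non-alphanumeric")

    # Rule: must contain both letters AND numbers.
    if not (re.search(r"[A-Za-z]", value) and re.search(r"[0-9]", value)):
        problems.append("needs-letters-and-numbers")

    # Rule: not the typical shape, letters followed by numbers ("johndoe33").
    if re.fullmatch(r"[A-Za-z]+[0-9]+", value):
        problems.append("letters-then-numbers")

    # Rule: mixing lowercase with uppercase helps.
    if not (re.search(r"[a-z]", value) and re.search(r"[A-Z]", value)):
        problems.append("single-case")

    # Rule: not a name, nickname or the first part of the email address.
    # Guessing programs retry a nick with other numbers, so compare the
    # values with their digits stripped out.
    names = list(nicknames)
    if email:
        names.append(email.split("@", 1)[0])
    stem = re.sub(r"[0-9]", "", value).lower()
    for name in names:
        name_stem = re.sub(r"[0-9]", "", name).lower()
        if name_stem and name_stem == stem:
            problems.append("matches-email-or-nickname")
            break

    # Rule: not something already used at other sites.
    if value in used_elsewhere:
        problems.append("reused-elsewhere")

    return problems

if __name__ == "__main__":
    # Constructed sample values, using the page's johndoe1@yahoo.com example.
    for candidate in ("johndoe33", "Pass_word1", "k7Tm2qR9x"):
        print(candidate, check_credential(candidate, email="johndoe1@yahoo.com"))
```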

Thank you for your consideration.

  
