This is a question we received at the Spokane Ask Me Anything sponsored by the National Association of Women Business Owners held June 12, 2014.



SpokaneAMA: My Twitter account was hacked so I disabled it – how do you prevent this? Or on other social media?

When an account is hacked, i.e., someone other than the owner gains access, it’s usually because the perpetrator was able to find the user ID and password.

It’s nearly impossible to prevent someone from finding your user ID on most social media. Often it’s your email address or your “handle” used on the social media site. Both are easily obtained. And because most of us use the same email address or “handle” for all our social media, a person can find a lot of information once they have your user ID.

The password presents a different problem for the hacker, but one which is not hard to solve in concept. The hacker simply has to keep trying different passwords until they find the right one. If your account requires eight characters and they are all letters of the alphabet, the hacker starts with aaaaaaaa, then aaaaaaab, aaaaaaac, and goes all the way to zzzzzzzz changing one letter at a time. It requires patience but if a computer is doing all the work, what’s the problem?

At present, the only defense you really have from someone hacking your social media accounts (or any other accounts) is to have a strong password. What do we mean by strong? A strong password is at least 8 characters long, has at least 1 number (0-9), at least one capital letter (A-Z), at least one lower case letter (a-z) and at least one symbol (!@#$%^&*()_+=-?><~).

It really comes down to numbers. For instance, an 8-character password consisting of only lower case letters (a-z) has 26 to the 8th power (written 26^8) possible combinations, that’s 208,827,064,576 when it’s all multiplied out. That seems like a lot – but a computer can generate that many combinations very quickly. And if it’s taking too long, then you can simply add more computers trying to find the password.

That is why having a strong password is so important: instead of 26^8 combinations, a strong password has 80^8 possible combinations (A-Z, a-z, 0-9, and the symbols listed above = 80), which is over 8,000 times the number available using just a-z. It takes a very fast computer or a lot of computers to find the strong password.

Now you can make it even harder if you use a longer password because the longer the string of characters, the harder it will be to find the password. But the problem comes when you have to remember all your passwords. (I have over 200 accounts that require passwords.) There are applications that will securely keep your passwords, so you only need to have one password to get all the other passwords, but they usually cost money. And what happens if the corporate vault is hacked?

A few (free) ways that I have seen or heard being used are:

1. Use a long sentence, use the first character of each word and substitute zeros for Os.
Over the long and dusty road, the caravan traveled to Los Angeles
Becomes the password 0tladr,tcttLA (Note that the O became a zero)

2. Use a long sentence and substitute 1 for I’s and 0 for o’s.
Where is my wandering boy tonight?
Becomes the password Where1smywander1ngb0yton1ght?

3. Use a strong password of 8 characters plus the name of the account.
8&rMUf%4FaceBook; 8&rMUf%4Twitter; 8&rMUf%4LinkedIn, etc.
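
The strong-password rule and the search-space arithmetic above, as an added example that is not part of the original post: it checks a password against the listed character classes and computes how many candidates an exhaustive search must cover. The function names and the rate of one billion guesses per second are assumptions made for illustration.

```python
import string

# Character classes from the page's definition of a strong password.
SYMBOLS = "!@#$%^&*()_+=-?><~"  # the 18 symbols the page lists
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": SYMBOLS,
}
FULL_ALPHABET = sum(len(chars) for chars in CLASSES.values())  # 26+26+10+18 = 80


def missing_requirements(password):
    """Return the parts of the page's strong-password rule that are not met."""
    missing = []
    if len(password) < 8:
        missing.append("length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            missing.append(name)
    return missing


def keyspace(alphabet_size, length):
    """Number of candidates an exhaustive search must cover."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size, length, guesses_per_second):
    """Worst-case search time; guesses_per_second is an assumed rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


if __name__ == "__main__":
    ASSUMED_RATE = 1_000_000_000  # assumption: 1e9 guesses/second, not from the page
    for label, size in (("a-z only", 26), ("full 80-character set", FULL_ALPHABET)):
        for length in (8, 12, 16):
            days = seconds_to_exhaust(size, length, ASSUMED_RATE) / 86400
            total = keyspace(size, length)
            print(f"{label:22} length {length:2}: {total:.3e} candidates, {days:.3g} days")
    # Sample passwords taken from the page's three schemes.
    for pw in ("0tladr,tcttLA", "Where1smywander1ngb0yton1ght?", "8&rMUf%4FaceBook"):
        print(pw, "->", missing_requirements(pw) or "meets the rule")
```

Run against the page's own samples, the password from the first scheme is reported as missing a symbol, because the comma is not in the symbol list given above.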

I’m not recommending any particular system – in fact, I recommend that you come up with a system and don’t tell anybody. Remember that two people can keep a secret only if one of them is dead – and I fight dirty.

On a final note, none of the above is useful if you don’t protect your password. Many successful hacks happen because the people who were hacked gave their information to others – is anyone writing their passwords on a post-it note attached to their computer screen? There are even contests where people try to get access to computer systems by calling people and asking for their user IDs and passwords (“Hi, I’m Jones in IT. We’ve noticed an unusual amount of activity on your account and want to verify that you’re not being hacked. Could you verify with me your user ID and password?” – you’d be very surprised how often it works).

Keep it safe. Keep it secure.

A physicist by trade, author by choice, a born teacher, a retired veteran, and an adamant problem solver, Frank has helped the White House, federal agencies, military offices, historical museums, manufacturers, and over 250 technology startups get stuff done, communicate effectively, and find practical solutions that work for them. In his spare time, he makes sawdust and watches Godzilla movies.