Yesterday, my twitter account got hacked, it’s nice to have a story happen just so you can have something to put on your blog!
That was less nice that it made me send spammy DMs to all the sorry people that followed me, i had to clean that up after i changed that password in a hurry. I’m glad it was not somebody or something smart enough to change my mail/password before i did, it could have been quite worse.
But that taught me a lesson, i had fuzzy plans to change my weakest passwords for some time, these that i used for so long because i didn’t know any better back then, so no, i’ll never use this one anymore, and i’ll not stick to passphrases, that is, a succession of words that may or may not mean something, because if you think about it, and consider letters of the English language as letters of bigger alphabet with which you can do words (valid English sentences) with, you quickly see it’s a much larger alphabet than the ~60 symbols you get with ascii on a keyboard, a 4 words passphrase is a lot better than an 8 letters password, and it’s far easier to remember an 8 words (or more) passphrase than a 20 letters password.
Of course, you are not limited to English, or to valid words, but you are already making things way harder to break, so you can aim for easy to rembember sentences, they could be your favorite in a book, in a song, a movie, a poem, or even a speech, people building dictionaries of all the known literature to bruteforce your passwords using that will have a lot of fun…
Anyway, lesson learned, and a few passwords were changed, some weak passwords were used for quite important things like amazon (duh), i’m glad twitter was the thing that got hit.