Let’s start with why it is really really really bad!
Say someone with a criminal mind just hacked your email and had access to your inbox right now. What if they did searches for “direct deposit”, “order number”, “receipt”, “password”, “account”, “autopay”, “invoice” or “payment”?
With a simple email hack how easy would it be to know where you work, bank, shop, and play by looking in your inbox, sent and trash folders? What could they figure out about your kids, their school, your parents, friends, coworkers etc. What addresses would they have? Phone numbers? Schedules? Website links?
They might also have access to things like tax returns, account statements, medical records, resumes that have gone through your email account. All of which have information that can be combined with other sources to piece together your life. This is why an email hack is so dangerous. So many people don’t realize that their email password is the key to their castle.
A hacked email lets them in everywhere
Once the email hacker collects all this info they will try to access your web accounts with the password they just hacked. If that doesn’t work, they can use the “forgot my password” feature on site after site until they find one that sends the password instead of resetting it. Then that password will get tried on everything to see what other sites use it. Hackers are tenacious and will chip away day after day, undetected, until they have everything they want.
When all else fails they can reset your passwords, log in as you and hijack your entire online existence. They can shut down balance alerts, start moving money around, and send emails in your name asking your contacts to click on links that are back doors into their lives. They will create new accounts with your email and delete all the confirmations from your inbox so you have no idea these accounts exist, and use them for as long as they need. By hacking your email and passwords, they can pretty much do what they want.
Bottom line, a criminal having access to your inbox is not good and opens you up to all kinds of headaches and embarrassment that can take years to recover from.
So who is really at risk?
Anyone on Gmail for business or Office 365 is in a much better place than a small company that has its own email server, because these services know they are a huge target, keep on the cutting edge to stay in front of the evil, and do a great job. The chance of an email hacker getting access to your password with a brute force attack on your cloud account is probably low.
But if you have your own email server and are not a Fortune 500 company with a multimillion-dollar IT budget, you are crazy to think you’re safe. You are not dealing with “if you get hacked”, it’s “when you get hacked”, which is why I don’t even deal with self-hosted email servers anymore (unless you are paying me to migrate them to the cloud).
Do I really need to worry about my email getting hacked? No one will guess my password.
So here is the deal: hackers don’t try to “guess” your password. (Ro)Bot software does all the guessing, using lists of every dictionary in the world with all the misspellings and possible combinations. When they run this software against your system it is called a “Brute Force Attack”, and it can process millions of guesses per second. That is why many websites have password rules, like requiring 8-12 characters and numbers, that make it harder for these programs to crack your password.
There are two main things that affect the strength of your password. First one is LENGTH, second is COMPLEXITY.
So if you have a short simple password that can be found in a dictionary or a baby’s name book these bots can “guess” them almost INSTANTLY!
Why longer passwords are better.
A password with 8 characters has 218,340,105,584,896 (62^8) combinations when using a mixture of numbers (10) and letters (52). A password with 9 characters (62^9) has 13,537,086,546,263,552 combinations, which is almost double, with 13,318,746,440,678,656 more combinations just by adding one character to your password. So it might seem like only one small addition, but it makes an exponential difference when it comes to the probability of your email getting hacked.
However, don’t let these enormous numbers fool you. If your password lacks complexity it still can easily get hacked!
When I first started using passwords I used my childhood dog’s name, “georgia”. As the years passed and password requirements grew it became “Georgia1”, then “Georgia0ne”, then up to the day I published this article it was the PHRASE “GeorgiaOnemy1stPooch”.
GeorgiaOnemy1stPooch is long, complex with lower case, upper case and a number. I could have added a special character but a mixed case 20-character passphrase is pretty solid according to www.howsecureismypassword.net
Georgia will get hacked instantly
Georgia1 will take 2 days to crack
Georgia0ne will take 8 months to crack
GeorgiaOnemy1stPooch 558 QUADRILLION YEARS
A password that takes 558 quadrillion years to hack is virtually un-hackable (with today’s technology).
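The length and complexity points above can be checked in code. The following is an added example, not part of the original article: it reproduces the 62-character combination counts and flags passwords that reduce to one or two dictionary words once capitalization, trailing digits and number-for-letter swaps are undone. The wordlist, the swap table and the two-word limit are assumptions chosen for illustration.

```python
import string

# Constructed sample wordlist (assumption); real checks use large breached-password lists.
WORDLIST = {"georgia", "password", "one", "dragon", "pooch"}
# Undo common character swaps: 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s
LEET = str.maketrans("013457@$", "oleastas")


def keyspace(length, alphabet_size=62):
    """Brute-force combinations for a password of `length` characters."""
    return alphabet_size ** length


def base_form(password):
    """Strip trailing digits/symbols, lowercase, and undo character swaps."""
    core = password.rstrip(string.digits + string.punctuation)
    return core.lower().translate(LEET)


def dictionary_words(password, wordlist=WORDLIST, max_words=2):
    """Return the wordlist words the password is built from, or [] if none."""
    def split(rest, budget):
        if not rest:
            return []          # consumed everything: success
        if budget == 0:
            return None        # text left over but no words allowed
        for i in range(len(rest), 0, -1):
            if rest[:i] in wordlist:
                tail = split(rest[i:], budget - 1)
                if tail is not None:
                    return [rest[:i]] + tail
        return None

    base = base_form(password)
    return (split(base, max_words) or []) if base else []


if __name__ == "__main__":
    print(f"8 chars: {keyspace(8):,}   9 chars: {keyspace(9):,}")
    for pw in ("Georgia", "Georgia1", "Georgia0ne", "GeorgiaOnemy1stPooch"):
        words = dictionary_words(pw)
        verdict = f"dictionary-derived from {words}" if words else "no short dictionary match"
        print(f"{pw:22} brute-force space {keyspace(len(pw)):.2e}  {verdict}")
```

A password that the check reduces to wordlist entries is reachable through the dictionary lists described earlier no matter how large its brute-force count looks, which is why a site's signup form can reject it outright.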
Don’t use the same passwords for everything. Make your passwords passphrases that are long and complex. Change them often and protect your email passwords. Your life might depend on it.
Email hacks are bad. Having access to your inbox means a criminal mind can gain access to any account that uses that email address. Protect yourself from email hacks by using long passphrases with mixed case, numbers and special characters when allowed. Never use the same password on bank accounts and the email account you use with the bank. Lastly, when in doubt, change your passphrase.
Questions and Comments
Have you ever been hacked? What happened? What do you do now to prevent it? Please share any stories about getting hacked below. Or if you have any questions or topic suggestions please share as well.