[OPLINLIST] Third week of compromised email

Bill Hardison bhardison at norweld.org
Tue Mar 3 10:49:56 EST 2015


Stephen, thanks for the reminder.

Also, if you use a common password (like library or director or librarian)
and a peer or co-worker is using it as well and falls for these phishing
deals, you're compromised as well.

According to GIZMODO, here are the top 25 most popular (not worst but used)
passwords of 2014:


   1. 123456 (Unchanged)
   2. password (Unchanged)
   3. 12345 (Up 17)
   4. 12345678 (Down 1)
   5. qwerty (Down 1)
   6. 123456789 (Unchanged)
   7. 1234 (Up 9)
   8. baseball (New)
   9. dragon (New)
   10. football (New)

For all 25 top passwords http://bit.ly/1J3pGRT

Here is an OLD but still valid article on passwords.
http://www.garykessler.net/library/password.html

Here are some highlights:


   - *Don't* use your login or user name in any form (as-is, reversed,
   capitalized, doubled, etc.)
   - *Don't* use your first, middle, or last name in any form.
   - *Don't* use your spouse's, significant other's, children's, friend's,
   or pet's name in any form.
   - *Don't* use other information easily obtained about you, including
   your date of birth, license plate number, telephone number, social security
   number, make of your automobile, house address, etc.
   - *Don't* use a password of all digits or all the same letter.
   - *Don't* use a word contained in English or foreign language
   dictionaries, spelling lists, acronym or abbreviation lists, or other lists
   of words.
   (such as 'library' 'director' or 'librarian')
   - *Don't* use a password containing fewer than six characters.
   - *Don't* give your password to another person for any reason.



   - *Do* use a password with mixed-case characters (where supported).
   - *Do* use a password containing non-alphabetic characters (digits
   and/or punctuation)
   - *Do* use a password that is easy to remember, so that you don't need
   to write it down.
   - *Do* use a password that you can type quickly, without having to look
   at the keyboard.

And here is why:

How long would it take to crack my password: *(Includes letters and numbers
only, no upper- or lower-case and no symbols)*

*6 characters: 2.25 billion possible combinations*

   - Cracking online using web app hitting a target site with one thousand
   guesses per second: 3.7 weeks.
   - Cracking offline using high-powered servers or desktops (one hundred
   billion guesses/second): 0.0224 seconds
   - Cracking offline, using massively parallel multiprocessing clusters or
   grid (one hundred trillion guesses per second): 0.0000224 seconds

So the password 'library' would take someone at home with a high-powered
desktop about 1/40th of a second to crack. Or, as some sites call it,
INSTANTLY.

For more data http://bit.ly/1BD2ecx

Bill


*Bill Hardison*
Computer Services Coordinator
Northwest Regional Library System (NORWELD)
419-352-2903
*IM with Google Hangouts*

*You rush a miracle man, you get rotten miracles.*
Miracle Max: The Princess Bride (1987)

*This message and any response to it may constitute a public record and
thus may be publicly available to anyone who requests it.*


On Tue, Mar 3, 2015 at 10:05 AM, Stephen Hedges <hedgesst at oplin.org> wrote:

> Seems like about once a year (maybe even more often) we have to repeat a
> simple message to OPLIN email users:
>
> DO NOT GIVE YOUR EMAIL PASSWORD TO ANYONE ON THE INTERNET.
> NEVER.
> EVER.
>
> But people still do, and then their account is taken over by spammers and
> used to spam the Internet, and then our email server gets blacklisted and
> everyone's email gets blocked. Sometimes the "hook" to get your password is
> buried in the email as a link to a separate webpage that will request your
> password, but the rule still applies:
>
> DO NOT GIVE YOUR EMAIL PASSWORD TO ANYONE ON THE INTERNET.
> NEVER.
> EVER.
>
> OPLIN email users have been giving away their passwords for three weeks
> now. STOP IT. At least 15 individuals have been victimized by the most
> recent phishing attempt and lost access to their accounts, and caused daily
> blockages to OPLIN email; don't be the 16th.
>
> When you give away your email password, it not only affects your account,
> it affects everyone else, too. When it comes to passwords, forget what you
> learned in kindergarten: Sharing is Bad!
> (And if you have unfortunately already shared your password on the
> Internet, change your password immediately!)
>
> So let me repeat:
>
> DO NOT GIVE YOUR EMAIL PASSWORD TO ANYONE ON THE INTERNET.
> NEVER.
> EVER.
>
> Just to be sure you understand, here's a little test:
>
> Find your email "Reply" button. Find your email "Delete" button.
> When you get an email asking for your password, which button are you going
> to use?
>
> (Please, please, please pass this test!)
>
> Stephen
> --
> Stephen Hedges, Director
> Ohio Public Library Information Network (OPLIN)
> 2323 W. Fifth Ave., Suite 130, Columbus, OH 43204
> 614-728-5250  ::  hedgesst at oplin.org
> _______________________________________________
> OPLINLIST mailing list -- OPLINLIST at lists.oplin.org
> http://lists.oplin.org/mailman/listinfo/oplinlist
>
> http://aboutbooks.info -- Search for author, title, subject... anything
> about books.
>



-- 

*Bill,*

Bill Hardison
Computer Services Coordinator
Northwest Regional Library System (NORWELD)
419-352-2903
*Yahoo IM - TechnobraryGeek*

*You rush a miracle man, you get rotten miracles.*
Miracle Max: The Princess Bride (1987)

*This message and any response to it may constitute a public record and
thus may be publicly available to anyone who requests it.*
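
The "Don't" checks and the guess rates from the message above, written as a password screening function a mail administrator could run at password-change time. This is an added example, not part of the original message; the function names, the `COMMON` set and the sample passwords are constructed for illustration, and the search-space figure is computed as 36^n exactly, so results land near the rounded numbers quoted rather than on them.

```python
import string

# Constructed list: the ten passwords and three example words named in the message.
COMMON = {"123456", "password", "12345", "12345678", "qwerty", "123456789",
          "1234", "baseball", "dragon", "football",
          "library", "director", "librarian"}

# Guess rates quoted in the message, in guesses per second.
RATES = {"online": 1e3, "offline_desktop": 1e11, "offline_cluster": 1e14}


def violations(password, username="", personal=()):
    """Return the "Don't" rules from the message that the password breaks."""
    pw = password.lower()
    found = []
    if len(password) < 6:
        found.append("fewer than six characters")
    if password.isdigit() or len(set(pw)) == 1:
        found.append("all digits or all the same letter")
    user = username.lower()
    if user and (user in pw or user[::-1] in pw):
        found.append("login name in some form")
    if any(item and item.lower() in pw for item in personal):
        found.append("easily obtained personal information")
    # Trailing digits or punctuation do not rescue a listed word ("Library1!").
    if pw in COMMON or pw.rstrip(string.digits + string.punctuation) in COMMON:
        found.append("common or dictionary word")
    return found


def alphabet_size(password):
    """Symbols a brute-force search must cover, starting from the message's model."""
    size = 36  # case-insensitive letters plus digits, as in the message
    if any(c.isupper() for c in password) and any(c.islower() for c in password):
        size += 26  # mixed case doubles the letters
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII punctuation characters
    return size


def worst_case_seconds(password, rate):
    """Time to try every string of this length over the password's alphabet."""
    return alphabet_size(password) ** len(password) / rate


if __name__ == "__main__":
    for pw in ("qwerty", "Library1!", "Tr4il-mix!Wagon"):
        secs = worst_case_seconds(pw, RATES["offline_desktop"])
        print(f"{pw!r}: {violations(pw) or 'passes'}; exhaustive search {secs:.3g} s")
```

The time estimate only bounds a blind exhaustive search; any password that `violations` flags as a listed word falls to a wordlist long before that bound matters.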