

There is probably no one more acutely aware of the importance of good cybersecurity right now than Hillary Clinton's campaign chairman John Podesta, whose emails have been laid bare by WikiLeaks, are being mined for news by journalists (including at The Intercept), and are available for anyone with internet access to read.
So as a public service to Podesta and everyone else on Clinton's staff, here are some email security tips that could have saved you from getting hacked, and might help you in the future.
There's a method for coming up with passwords that are mathematically unfeasible for anyone to ever guess by brute force, but that are still possible for you to memorize. I've written about it before, in detail, including an explanation of the math behind it.
But in short: You start with a long list of words and then randomly select one (by rolling dice), then another, and so on, until you end up with something like: "slinging gusty bunny chill gift." Using this method, called Diceware, there is a one in 28 quintillion (that is, 28 with eighteen zeros at the end) chance of guessing this exact password.
For online services that prevent attackers from making very many guesses -- including Gmail -- a five-word Diceware password is much stronger than you'll ever need. To make it super easy, use this wordlist from the Electronic Frontier Foundation.
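The Diceware procedure described above, as an added Python sketch that is not part of the original article: it rolls virtual dice with the operating system's secure random source, looks each roll up in a wordlist, and computes the size of the guessing space. The six-word list is constructed for the demo and assumes a "dice digits, whitespace, word" line format; a real list keyed by five dice has 7,776 entries.

```python
import math
import secrets

# Constructed demo list keyed by ONE die (6 words). A full Diceware list is
# keyed by five dice and has 6**5 = 7776 entries in the same line format.
DEMO_LIST = "1\tslinging\n2\tgusty\n3\tbunny\n4\tchill\n5\tgift\n6\trunner\n"

def parse_wordlist(text):
    """Return {dice_key: word}; reject lists that do not cover every roll."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split(None, 1)
        if set(key) - set("123456"):
            raise ValueError(f"not a dice key: {key!r}")
        table[key] = word.strip()
    lengths = {len(k) for k in table}
    # A gap or duplicate key would make some rolls unusable and bias selection.
    if len(lengths) != 1 or len(table) != 6 ** lengths.pop():
        raise ValueError("wordlist must map every dice combination exactly once")
    return table

def roll(n_dice):
    """Simulate fair dice with a CSPRNG (never the `random` module)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))

def passphrase(table, n_words):
    """Pick n_words independently and uniformly, as with physical dice."""
    n_dice = len(next(iter(table)))
    return " ".join(table[roll(n_dice)] for _ in range(n_words))

def keyspace(list_size, n_words):
    """Number of equally likely passphrases an attacker must search."""
    return list_size ** n_words

def entropy_bits(list_size, n_words):
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    table = parse_wordlist(DEMO_LIST)
    print("demo passphrase (toy list, not for real use):", passphrase(table, 5))
    for n in (5, 7):
        print(f"{n} words from 7776: {keyspace(7776, n):,} possibilities, "
              f"{entropy_bits(7776, n):.1f} bits")
```

The strength comes only from uniform random selection over the whole list, so words a person picks by hand do not get the same guarantee.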
So if that's a strong password, what does a weak password look like? "Runner4567."
The same day that WikiLeaks published Podesta's email, his Twitter account got hacked as well. How do you think that happened? I have a guess: He reused a password that was exposed in his email, and someone tried it on his Twitter account.
Even if you use a strong password, it quickly becomes worthless if you use it everywhere. The average person has accounts on dozens of websites. For those who reuse passwords, all it takes is for any one of those sites to get hacked and your password to get compromised, and the hacker can gain access to your accounts on all of them.
You can avoid this by using different strong passwords for every account. The only way that this is possible is by using a password manager, a program that remembers all your passwords for you (in an encrypted database) so you don't have to. You should secure your password manager with an especially strong password. I recommend a seven-word Diceware passphrase.
There are many password managers to choose from: KeePassX, LastPass, 1Password, and many more. Shop around for whichever one fits your organization the best. It doesn't so much matter which you use, so long as you use strong, unique passwords for each account. Password managers also help you generate secure random passwords.
And there's more. Read the full article at The Intercept.