Mark Kellner, a technology reporter at the Washington Times, bravely owns up to using crappy passwords. Most users think they have nothing to hide and nothing of value. “Who would possibly be interested in me?” they ask. So “why,” they ask, “should I bother with a good password?”
Kellner’s Gmail account was compromised by an IP address in China. While Kellner could have been targeted as a journalist, those with political motives would have had to have been rather clever to cover their trail by sending out spam from the mailbox. Even if your mailbox doesn’t contain a lot of your online passwords or have contact info for important people, a regular mailbox can still be used as a trusted platform from which to spam or con people out of money in your name.
Kellner admits to using a simple one-word password. Even in the dark ages when I got my Yahoo mail account, the default/provided password combined two words and appended two numbers.
The lesson for normal people who don’t read infosec blogs is that even if you think no one would ever target you, you are at risk and need to use password common sense.
Don’t reuse passwords on online accounts.
Change them every 3-6 months.
Don’t use dictionary words, common names or sports teams.
Use letters, numbers and special characters.
If someone emails you your password during an account setup or password reset, you need to change the password.
At a minimum:
Don’t reuse passwords on important accounts.
Don’t leave a copy of your passwords in your mailbox.
There are many memorable ways to make a password. A single word doesn’t cut it.
The author is a Mac guy. He ran anti-malware on the computer anyway, so it is likely this wasn’t a password stolen from his computer.