
Password Security: Why You're Doing It Wrong (and How To Do It Right)

Right now, you have probably given all your sensitive information to two of three large companies.  They are Facebook, Google, and Yahoo.  Of the three, Google has the best security.  Facebook is okay, and Yahoo is terrible.  Let's see why.


Facebook: 3 Stars

Yesterday, Facebook froze my account because someone had tried to hack it from Thailand.  It's awesome that FB has something in place to protect against that.  Thanks to their security protection, my account is still safe.  It's pretty obvious how this works: Facebook watches where I habitually use my account, either by IP tracking or, more likely, by MAC address.  (The first has to do with your physical location; the second has to do with your physical device.)  But their entire system is rather opaque, and I can't control it.  In addition, if someone really wanted to hijack my account, all they'd have to do is hijack my email first.


Google: 5 Stars

Google, by contrast, is spectacular.  They have something called two-way authentication.  This is industrial-strength security, and I've only seen it once before: at the home of an engineer who worked for Sun Microsystems.  (They may not have had a successful business model, but they sure as hell didn't get hacked.)


What is 2 Way Authentication?

For two-way authentication to work, you need a second device.  In this case, I install an app on my Android phone.  When I log on to Gmail (or another Google service - I use many), it asks me for my password, and then it asks me for my secondary code.  As I write this, my code is 422712.  Don't bother trying to use it; it changes every 30 seconds.  (You would also have to hack my password.)

If I lose my laptop, I de-authorize it from my phone.  If I lose my phone, I de-authorize it from my laptop.

The result is a pretty much bulletproof system.  Short of kidnapping me, you are never going to hack my Gmail.  I wish Facebook did this.


Yahoo: 1 Used Piece of Toilet Paper

If you still have Yahoo mail, chances are you've already been hacked.  I have two accounts which I haven't used in 15 years, and they both got hacked.  They both had strong, secure passwords which I wasn't using elsewhere.  (We'll talk about password strength in a minute.)  There are several typical avenues for hacking accounts (wireless sniffing, etc.), and it wasn't any of these.  Yahoo's servers simply aren't secure.  The solution is to stop using Yahoo.  Not only does their mail suck, but Gmail's security is quantitatively better (see above).


What You're Doing Wrong and How To Fix It

By now you already have half the answer: Trust Facebook and Gmail, don't trust Yahoo.  The other half has to do with password security.

It turns out the conventional wisdom about passwords is wrong.  First of all, if your account is going to get hacked, it's more likely because of password reuse or weak servers (e.g. Yahoo).  It's still a good idea to have a strong password, but the classic method of "add a capital letter and punctuation" is useless.

I'm talking, of course, about brute force attacks.  If someone is going to keep entering random characters in an attempt to guess your password, how long will it take?  On Facebook or Google, it will never happen (see above).  But not everything can go through Facebook or Google, so what do you do the rest of the time?  It has to do with entropy.  If a computer is randomly guessing characters, then it doesn't care that you substituted the e for a 3.  It's going to guess it sooner or later.  It's probably going to start with common guesses, like "password" and "123456."  After that it's going to throw in random letters and numbers and eventually it's going to get it right.  Using a capital letter isn't going to slow it down much.  For example, "Tr0ub4dor&3" isn't terribly strong; there are only 11 characters to guess.


The Answer

Your password doesn't have to be confusing; it just has to be long.  For example, "correct horse battery staple".  It's plain English, very easy to remember, and provides 28 characters to guess, making it 65536 times more secure.  Because of mathematics, the difficulty of guessing increases exponentially with length.  In other words:
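The following added example (mine, not the post's) puts numbers on the two passwords above. It scores each one two ways: a naive brute-force model (alphabet size raised to the length, which is what "11 characters to guess" suggests) and an attacker's dictionary-and-rules model, where "Tr0ub4dor&3" is a common word plus a few predictable tweaks and "correct horse battery staple" is four words drawn from a word list. The per-component bit estimates, the 2048-word dictionary and the 1000 guesses per second are assumptions for illustration, modelled on the well-known comparison the two example passwords come from; under that model the gap is 44 - 28 = 16 bits, which is where a factor of 2^16 = 65536 comes from.

```python
import math
import string

# Assumed entropy contributions (in bits) for the "word + mandated tweaks" pattern:
# a base word from a ~65k-word list, one capital letter, a few common l33t
# substitutions, one appended digit, one appended symbol, and which of the two
# comes last. These are rough illustrative estimates, not measured values.
TROUBADOR_PATTERN = {
    "base word (2^16 candidates)": 16,
    "which letter is capitalised": 1,
    "common substitutions (0/o, 4/a, ...)": 3,
    "appended numeral": 3,
    "appended punctuation": 4,
    "numeral/punctuation order": 1,
}

PRINTABLE_SYMBOLS = len(string.punctuation)  # 32 ASCII symbols


def pattern_bits(components):
    """Entropy of a password built from independent, guessable components."""
    return sum(components.values())


def passphrase_bits(word_count, dictionary_size):
    """Entropy of `word_count` words chosen uniformly from a word list of
    `dictionary_size` entries, assuming the attacker knows the list."""
    return word_count * math.log2(dictionary_size)


def alphabet_size(password):
    """Size of the character set a naive brute-forcer would have to cover,
    inferred from the character classes actually present."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += PRINTABLE_SYMBOLS
    if " " in password:
        size += 1
    return size


def brute_force_bits(password):
    """Entropy under the naive model: every position independent and uniform."""
    return len(password) * math.log2(alphabet_size(password))


def times_harder(bits_a, bits_b):
    """How many times larger the search space with `bits_a` is than with `bits_b`."""
    return 2 ** (bits_a - bits_b)


def seconds_to_search(bits, guesses_per_second):
    """Worst-case time to exhaust a search space of 2**bits guesses."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    rate = 1000  # assumed guesses/second against a rate-limited login
    for label, bits in [
        ("Tr0ub4dor&3, naive brute force", brute_force_bits("Tr0ub4dor&3")),
        ("Tr0ub4dor&3, dictionary + rules", pattern_bits(TROUBADOR_PATTERN)),
        ("correct horse battery staple, naive brute force",
         brute_force_bits("correct horse battery staple")),
        ("correct horse battery staple, 4 words from 2048", passphrase_bits(4, 2048)),
    ]:
        years = seconds_to_search(bits, rate) / (365.25 * 24 * 3600)
        print(f"{label:50s} {bits:6.1f} bits  ~{years:,.1f} years at {rate}/s")
    print("passphrase is", times_harder(44, 28), "times harder under the realistic model")
```

The naive numbers are much larger than the realistic ones for both passwords, which is the point: an attacker does not guess uniformly at random, so the strength that matters is what survives a dictionary with capitalisation and substitution rules applied. Under that model a capital letter or an e-to-3 swap adds only a bit or two, while each extra random word adds eleven.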