Change your Email Password Now! – Practical Help’s Tip of the Day #013
As you read this, bad guys are illicitly hacking into thousands of email accounts. Why? Because it’s so easy. It’s my opinion (most would call this a ‘fact’) that 90% of all email accounts in the world are secured with a simple password that can be easily discovered or cracked. If you think you’re not in this group, please consider carefully:
- Is your password at least 13 characters long?
- Does it contain at least one of each of these: a capital letter, a lower-case letter, a number, and a special character (usually Shift and a number key)?
- Is it truly a random and mixed-up set of characters?
If the answer to any of these is no, your email account is at serious risk, right now. And by extension, your entire online identity. Remember, every online account has a ‘forgotten password’ feature where they will email you a new password or password reset instructions. Your bank, your credit card company, your online shopping accounts, social networking accounts, etc. So a hacker who gains access to your email account has the ‘keys to your kingdom’.
So please, please change your email account password right now. Especially if you’ve not changed your email account password in years. And if you think this is too much work, you are just the easy target hackers love. No disrespect intended!
Right now, hackers have easy-to-use tools at their disposal to guess your password and gain access to your account. Your email address is already public knowledge, and they can run a simple program on any computer (or lots of computers) that uses brute-force methods to guess your password. Previously, we warned you about easily-guessable passwords and gave you a simple method to create good passwords. The method isn’t too complicated, and helps offset our faulty human memory problems:
- Make up a sentence that you can memorize, then memorize it (don’t write it down)
- Use the first letters of that sentence to create a passcode (this is a mnemonic), and practice typing that passcode while you recite the sentence.
- Change your email account password to that new passcode
It’s critical that you don’t use this passcode for anything other than your email account. Don’t write it down, and don’t tell it to anyone.
Read on for more detailed information below, along with examples and specific instructions for how to do this.
For the first step, construct a sentence that meets the requirements for complexity. For example:
“I hate bad passwords because they are easy! And crackable too?”
You want to make up a sentence that has enough complexity, yet is personal enough for you to easily remember. Here are some hints:
- Include one or more numbers and one or more capital letters. For example: “…and my 4 most favorite car brands are Porsche, …”, or “…there are 613 commandments in the Talmud that…”
- Include at least one special character. For example: “…and at what cost…” (‘and’ becomes & and ‘at’ becomes @), or “…times 12 plus 3 equals 20 minus 5” (‘times’ becomes *, ‘plus’ becomes +, and ‘equals’ becomes =)
- Include some fact that is personal to you. For example: “…I love chocolate ice cream…” or “…my hometown is in Quebec…”
Please take a few minutes to figure out a good sentence, one that will be personal and memorable to you. Next, in order to memorize it you need to say it out loud at least a dozen times. In front of the bathroom mirror is fine (in private).
For the second step, take the first letter of each word, along with normally-capitalized words (for capital letters) and readily convertible numbers and create your mnemonic. So the above example would become:
“Ih8bpbtae!Ac2?”
Now using your computer, tablet or smartphone, type the passcode while you recite the sentence. You need to do this at least a dozen times before it starts to become easier – please be patient! Keep doing it again and again until you can type the passcode while reciting the sentence silently. This will also help to lock it into long-term memory. And please don’t use my example, make up your own!
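As an added example (not part of the original tip), this Python sketch applies steps one and two to a sentence and tests the result against the three-question checklist at the top of the page. The function names, the rule that only lower-case words are swapped for symbols, and the second and third sample sentences are assumptions made for this example.

```python
import re
import string

# Swaps suggested in the article's hints, plus the two its example uses.
SWAPS = {"and": "&", "at": "@", "times": "*", "plus": "+", "equals": "=",
         "hate": "h8", "too": "2"}
# The article's own example is public, so it must never be accepted.
PUBLISHED = {"Ih8bpbtae!Ac2?"}
# A word, a whole number, or one punctuation mark.
TOKEN = re.compile(r"[A-Za-z][A-Za-z']*|\d+|[^\sA-Za-z\d]")


def mnemonic(sentence, swaps=SWAPS):
    """Step two: first letter of each word, numbers and punctuation kept.
    Assumption: only all-lower-case words are swapped, so a capitalized
    word such as "And" contributes its capital letter instead."""
    out = []
    for tok in TOKEN.findall(sentence):
        if tok[0].isalpha():
            swap = swaps.get(tok) if tok.islower() else None
            out.append(swap or tok[0])
        else:
            out.append(tok)  # digits and punctuation pass through
    return "".join(out)


def check(passcode):
    """Return the checklist items the passcode fails (empty list = pass).
    Randomness cannot be tested here; that judgement stays with the user."""
    classes = {
        "capital letter": str.isupper,
        "lower-case letter": str.islower,
        "number": str.isdigit,
        "special character": lambda c: c in string.punctuation,
    }
    problems = []
    if len(passcode) < 13:
        problems.append("shorter than 13 characters")
    for name, test in classes.items():
        if not any(test(c) for c in passcode):
            problems.append("no " + name)
    if passcode in PUBLISHED:
        problems.append("published example, already public")
    return problems


if __name__ == "__main__":
    # Sentences: the article's example, a constructed one, and a weak one.
    for s in ("I hate bad passwords because they are easy! And crackable too?",
              "My 4 favorite cars cost 12 plus 3 at Porsche and more!",
              "I love chocolate ice cream"):
        code = mnemonic(s)
        print(code, check(code) or "passes the checklist")
```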
Now for the third step, go to your email account, and change the password. Here are instructions for a few popular email providers:
In Gmail:
- Open Gmail, click your account picture (at the top-right of the window), then click the Accounts link
- Click the Security tab, then the Change Password link
- Type in your old password, then the new passcode twice in the boxes provided, then click the blue Change Password button
You can enable 2-step verification in step 2, but read about it and know the requirements first before you set that up.
In AOL:
- Go to www.aol.com and log in. Click the Options link and Account Info
- You may need to answer a personal security question, then click the Change Password link
- Type in your old password, then the new passcode twice in the boxes provided, then click the Change Password button
In Yahoo:
- Go to www.yahoo.com and sign in. Click the Account info link
- Click on your account picture (in the top-right of the window) and click the Account Settings link in the drop-down menu (you may have to sign in again)
- Click the Account Information box, then the Change Your Password link
- Type in the old password, your new passcode in the boxes provided, then click the Save button
In Microsoft Live:
- Go to live.com and sign in. This takes you to your account summary page
- Click the Password link on the left-side menu
- Type in the old password and the new passcode (twice) in the boxes provided and click the Save link
If you use a different email provider, tell me in the comments and I’ll add instructions for that provider to this note.
Remember, if you use a program like Outlook to access your email, you also need to change the password saved in that program. Here’s how to change it in Outlook:
- Open Outlook, click File, then Account Settings, and click the Change link on your email account
- Uncheck the checkbox (to test settings), highlight and type your new passcode in the password box, and click Next
- Then click the Finish button.
If you use a different program, tell me in the comments and I’ll add instructions for the program you use.
There are a lot of opinions on password security, such as using password managers, 2-factor authentication, and security questions. We’re not saying to forget about these other aspects, but if you follow our advice above, you’ve taken the biggest and most valuable step to securing your own online identity.
Wonderful web site. Lots of helpful info here. I am sending it to a few friends and also sharing in delicious.
And naturally, thanks for your effort!
Thanks for sharing!
I use an interesting way to generate a password that is as easy to type as to remember, especially for touch-typists: simply take an easy-to-remember phrase and type it at a different location on the keyboard. If you go up a row (using the qwerty row as though it were the asdf row) you end up with lots of numbers, and you can throw in a special character and upper case at the end or beginning.
Personally, I use words that can be typed with the left hand only, just to keep it simple, and avoid spaces.
This technique has the peculiar property that you don’t even know your own password unless you really think about it. If a friend asks “hey, what’s your password” you can honestly answer “I don’t know!”. One disadvantage is that the rows on most keyboards are not staggered in the same way, so it’s a bit easier to make an error.
🙂
Thanks for adding your voice, I’m sure some folks will find your method useful!