My gmail account was hacked

[happydog]

Yep. Hacked. I am not very happy about it either. "They" deleted all the messages in my inbox (which was the important stuff), deleted my contacts (meh) and sent a bulk email to all my contacts that said:

Subject: I need to get laid
Body: Please help

Real handy.

I just hope Google/Gmail can recover at least some of the email that were in the inbox. I am stupid and leave important emails there.

[RashG]

Subject: I need to get laid
Body: Please help

At least they were honest.

[Knightshade Dragon]

Holy crap!  That is crazy....hope they can help ya.

[Harpua3]

That sucks bigtime.

[coopasonic]

maybe this will be useful information to you, maybe not...

http://www.microsoft.com/athome/security/privacy/password.mspx

[Calvin]

Whoa. Sucks dude, hope you can clean up the damage and get the suckers.

[unbreakable]

maybe this will be useful information to you, maybe not...

http://www.microsoft.com/athome/security/privacy/password.mspx

Yes, that is good advice.  However, there was one discussion we had in one of my classes, which is that rather than brute-force attacks on the password, its often easier to just break the password hash rather than the actual password.  I recall a few years ago Hotmail had a similiar password bypass, as did ICQ.  And unfortunately, in that case, there is nothing the user can do about it.

Having said that, however, the mere inclusion of a number and/or a special character magnifies the security level of the password by an insane amount.  In fact, many brute-force attacks dont even use numbers and special characters, since so many accounts can be cracked with a dictionary list.

I personally advise people to use something they will remember, but to change it up.  For example, if you want to use your spouse's name (a really predictible choice, btw), at least modify it- instead of an A use @, an O becomes a zero, and throw in some abnormal capitalizations.  'r0bERT@' is much more secure than 'roberta'.  

People generally just dont appreciate how even something easy to remember can become a really strong password.

[happydog]

I know all about password security. I don't typically put much of it in practice, like most people. The problem with all the recommended ways of being password-secure is that it just becomes unfeasible. I currently have 20+ logins at various sites, computers and physical locations. The idea of creating a secure password, changing it often and not using the same one multiple times becomes nearly impossible.

[unbreakable]

I have, generally, four levels of passwords:

#1 I use for non-important internet stuff (meaning things which cannot end up costing me money).

#2 is for important internet stuff (internet banking, mmog accounts)

#3 is internet email accounts.

#4 is the highest priority, my office LAN account (when applicable, as the case may be).  

When I have to change one, I change all like accounts.  So if its time to change #2, I will go and change the pwd of all those accounts.  #1 I tend to not change unless I suspect a password has been compromised somehow, and even in that event I cant really see any cause for concern.

But this way, I dont end up playing the 'what the hell password did I use' game, and I end up having different passwords on things based on how important they are.

There are other ways to go, but as the man says, the best system is the one that works.

[oops]

Leet speak does have a purpose...thats what passwords have taught me anyway.

[Nakor]

This is a great freeware password DB program:

http://passwordsafe.sourceforge.net/

It supports "Auto type" so you can log into a lot of websites with just a click. It works great with Firefox, too.

Just be sure to make your db master password "strong".