Just in case you were wondering whether you should change your email password to something a wee bit more random, I have a story from a friend. We’ll leave her anonymous for now.
After ten years on Yahoo, someone stole her account. How? She doesn’t know, but I can think of a few ways. Maybe she checked her mail from a public terminal and accidently let it store her password; maybe she checked her mail from a public terminal that was set to store passwords by default for the explicit purpose of aggregating login information; maybe she used an unencrypted wifi connection and didn’t use the secure signin (https); maybe she used a poorly encrypted wifi connection. Maybe her password was in the dictionary or otherwise entirely crackable.
In ten years, she hadn’t ever changed her password, so who knows when or where she shared it. Someone got ahold of it, though, logged into her yahoo account and changed her password, locking her out. This was frustrating enough on its own–she couldn’t get to a decade’s worth of address book–but this is where it gets alarming: whoever it was who hijacked her account has apparently been sending desprate emails to various recent correspondants, claiming to be broke, lost in the UK and in desperate need of a cash wire to get back home.
If you dont know, now you know. Happy secure password month.