Replacing a Hacked Password

First, replace your old password!

Second, choose a password that can’t be guessed based on text in your emails!

Third, write down the password. Keep that piece of paper till you remember the password without looking.

OK, yes, you have to pick the password first, and you probably want to write it down once you pick it. But start changing your password now.

A hard-to-guess password

The simplest way to construct such a password is to use two words, the longer the better.

Since you’ve recently been hacked, don’t use any words that may have appeared in your emails. The hacker may have harvested the emails you wrote, and may use them later to try to guess your new password. For example, pick two places that you have never visited, never plan to visit, and have never talked about visiting. Or pick two names of people you don’t know or ever talk about, or two types of plants, or two of something else. Longer words are best.

Once you’ve picked the two words, pick a digit to go between them. Almost every web site allows passwords to contain a combination of letters and digits.

If the password is too long, discard the extra letters. It’s best if the result isn’t a real word.

If the password needs to contain both upper- and lower-case letters, change one of the letters to upper case.

If the password requires punctuation (a “special character”) as well as letters and digits, pick a special character and stick it in a memorable place.
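The construction steps above, as an added Python example that is not part of the original article. The candidate word list, the sample email text, and the names `words_seen_in` and `build_password` are assumptions made for illustration; in practice the words are ones you choose yourself.

```python
import re
import secrets

# Constructed sample data: assumptions for this example, not from the article.
CANDIDATE_WORDS = ["reykjavik", "montevideo", "ulaanbaatar", "timbuktu",
                   "casablanca", "wellington", "bratislava", "kathmandu"]
OLD_EMAIL_TEXT = "Our flight to Wellington is booked; Casablanca is next year."

def words_seen_in(text):
    """Every word in the text the intruder may have harvested, lower-cased."""
    return set(re.findall(r"[a-z]+", text.lower()))

def build_password(candidates, email_text, max_len=None,
                   need_upper=False, special=""):
    """Two unused words joined by a digit, then adjusted to the site's rules."""
    seen = words_seen_in(email_text)
    pool = sorted({w.lower() for w in candidates} - seen)
    if len(pool) < 2:
        raise ValueError("need two words that never appeared in the emails")
    first = secrets.choice(pool)
    second = secrets.choice([w for w in pool if w != first])
    digit = str(secrets.randbelow(10))
    if max_len is not None:
        # Too long: discard extra letters, keeping the digit and the special.
        budget = max_len - len(digit) - len(special)
        if budget < 2:
            raise ValueError("max_len leaves no room for two words")
        while len(first) + len(second) > budget:
            if len(first) >= len(second):
                first = first[:-1]
            else:
                second = second[:-1]
    if need_upper:
        first = first[0].upper() + first[1:]  # one letter to upper case
    # The special character goes right after the digit: a memorable place.
    return first + digit + special + second

if __name__ == "__main__":
    print(build_password(CANDIDATE_WORDS, OLD_EMAIL_TEXT))
    print(build_password(CANDIDATE_WORDS, OLD_EMAIL_TEXT,
                         max_len=12, need_upper=True, special="!"))
```

Trimming removes letters from the ends of the words rather than from the end of the whole password, so the digit and the special character survive a short length limit and the shortened words are unlikely to be real words.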

Writing the Password Down

For many people, the real risk to their computer systems comes from remote hackers on the Internet, and not from people in their home, office, or community.

Most people who go to the trouble of constructing a strong password aren’t going to memorize it without some practice. By writing it down, you allow yourself to practice remembering it each time you type it in. After a while you’ll find that you don’t need the piece of paper. At that point you throw it away.

The written password does pose a short-term risk. If someone steals your wallet or purse along with your smart phone, they might find the password and exploit it. This is why you need to throw it away eventually.

Password Storage Software

A good alternative to writing the password(s) down is to buy software like LastPass, 1Password, Password Safe, and so on. These programs help you construct strong passwords and they provide you with a safe place to store them. I use “LastPass” myself, since it works on all my smart phones and desktops. In many cases it will enter the password for me when I enter a web site.

I generally use my computer’s “generate a password” feature to help build my passwords. If I never plan to type in the password myself, then I let it choose a really long, random password. If I’m going to have to type the password myself, then I use it to construct a “starter” password which I then modify or embellish so that it isn’t too hard to type and it meets the site’s password requirements.

Is my new password unhackable?


There is no such thing. There are many ways to steal a password. Some cryptanalytic attacks use trial-and-error guessing on giant lists of words. It is very hard to protect against such an attack, though this type of password protects against the easiest of such attacks.

Often a password is stolen as you type it in, either from your computer or from the server you visit. The most advanced password selection in the world won’t protect you from such an attack. Here are the only ways you can protect against such attacks:

  • Keep your own computer safe by keeping the system up to date with the latest updates, and by running antivirus software.
  • Avoid visiting web sites that are poorly managed or maintained. These are the ones most likely to be hacked, although even the best sites can fall to a sophisticated attack.
  • Use different passwords for different tasks. Email should have a different password from banking. However, keep in mind that a clever attacker might use a hacked email account to break into your bank account by telling the bank to reset your password via email.

Avoiding such things is like avoiding a robbery or other crime: it depends partly on caution and partly on luck. If you’re in the wrong place at the wrong time, bad things may happen.