Insecure passwords?

[f117nighthawk]

I got to chatting today with someone who said she's a former hacker. I told her about when my Hotmail and Yahoo accounts were hijacked. She told me that anyone running an unfirewalled computer is vulnerable to this because those passwords are stored unencrypted in the Windows Registry.

I did a search of the Windows Registry for my current Hotmail password, but couldn't find it. Does the Windows Registry store our passwords in an encrypted form? And how safe are my passwords? I would've thought XP would be a bit safer than 98.

[jerryctx]

The lady is yanking your chain. Both apps encrypt your password and both use a fairly secure algorithm.

However, no security is foolproof. As an example, if a Trojan is installed on your computer it can log all keystrokes including your password the next time you sign on to your mail service. If you have a firewall, that should prevent the Trojan from "calling home" however.

If the threat is closer to home (a relative or associate with access to your computer) there are other methods of attack, mostly related to the poor passwords most people use. In other words, its often easy to guess passwords.

There are "dictionary attack" programs that simply try every word in a dictionary. It takes only a few minutes. So don't use a real word. Try the initials of a phrase you can remember (eg, My Kingdom For A Horse = MKFAH), throw in a few numbers, and never use a password less than eight characters in length.

[f117nighthawk]

I ran checks for programs like that with my adware scanners, but neither found anything. Another thing is they could've just guessed what my password was. I was stupid enough to use a simple PW and used the same PW for all my accounts. I don't make that mistake anymore, I can tell you.