ThimphuTech was the first technology blog in Bhutan. We started writing it in 2009, just as broadband and mobile internet started to take off. (Although internet in Bhutan was launched in 1999, it was either super-slow or super-expensive, and was only used by a select few.)

In the blog, we wrote about technology and food, but also about plenty of other stuff. The blog became popular and influential in Bhutan. A companion bi-weekly column -- Ask Boaz -- was published for many years in the Kuensel, Bhutan's national newspaper. (The complete Kuensel columns are available as an ebook, Blogging with Dragons).

We stopped updating the blog when we left Bhutan in 2014, but the information within the posts can still prove useful, and thus we decided to keep it online.

We thank all our readers.
Tashi Delek,
Boaz & Galit.

Thursday, April 14, 2011

The importance of strong passwords

I've recently encountered more incidents of hacked email accounts in Bhutan. This time it was a Chinese spammer sending thousands of "you've won the lottery" fraudulent emails to unsuspecting recipients. Other hackers abuse email accounts by sending out emails of the infamous "Mugged in Pataya" type to the victim's contact list. And one can think of even more sophisticated ways of taking advantage of hacked accounts, especially if the hacker takes the time to delve into the victim's messages.

An account with a weak password is extremely vulnerable. Perhaps the password is the account owner's birth date or her kid's or spouse's name. Often passwords are identical to the user name. Or they are "abc123", "123456", or simply "password". And hackers run programs that break into accounts by simply trying all the words in the English dictionary, so choosing "encyclopaedia" as a password is not good enough.

The problem with strong passwords, such as 6i8H*z12$, is that they are easy to forget. So here's my 3-step method of creating a password that is both strong and easy to remember:
  • Choose a word, name or phrase that will be easy to remember. Make sure it's not too short (at least 8 characters long). For example, if your village is in Samdrup Jongkhar, your phrase might be Samdrup Jongkhar.
  • Now replace some letters in your phrase with similar-looking symbols and digits according to the following list:
    • a → @
    • i (small "I") → !
    • l (small "L") → 1
    • o → 0
    • O → 0
    • s → $
    • S → $
    • x → *
    • Replace a space with %
  • That's it! The new phrase is your password. In our case it is $@mdrup%J0ngkh@r, which no hacker will be able to guess.
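
The three steps above and the weak-password cases from earlier in the post, as an added Python example (not code from the original post). The function names and the small word lists are assumptions constructed for illustration; the check undoes the same substitutions before looking a password up, so a single dictionary word with symbols swapped in is still flagged.

```python
# Substitution table from step 2 of the post (a space becomes %).
SUBSTITUTIONS = {"a": "@", "i": "!", "l": "1", "o": "0", "O": "0",
                 "s": "$", "S": "$", "x": "*", " ": "%"}
# Reverse table, used only by the checker to undo the substitutions.
REVERSE = {"@": "a", "!": "i", "1": "l", "0": "o",
           "$": "s", "*": "x", "%": " "}

# Constructed sample lists; a real check would load much larger ones.
COMMON_PASSWORDS = {"abc123", "123456", "password"}
DICTIONARY = {"encyclopaedia", "password", "dragon"}

MIN_LENGTH = 8  # step 1: "at least 8 characters long"


def make_password(phrase):
    """Apply the post's method to a memorable phrase (hypothetical helper)."""
    if len(phrase) < MIN_LENGTH:
        raise ValueError("phrase must be at least %d characters" % MIN_LENGTH)
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in phrase)


def normalize(password):
    """Undo the substitutions and lowercase, for word-list lookups."""
    return "".join(REVERSE.get(ch, ch) for ch in password).lower()


def weaknesses(password, username=""):
    """Return the weak-password patterns from the post that apply."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("too short")
    if username and password.lower() == username.lower():
        found.append("same as user name")
    if password.lower() in COMMON_PASSWORDS:
        found.append("common password")
    if normalize(password) in DICTIONARY:
        found.append("dictionary word after undoing substitutions")
    return found


if __name__ == "__main__":
    pw = make_password("Samdrup Jongkhar")
    print(pw, weaknesses(pw))
    for candidate in ("abc123", "password", make_password("encyclopaedia")):
        print(candidate, weaknesses(candidate))
```
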