Hack to the Future

Someone hacked into Sarah Palin's Yahoo mail account. It may not have been the smartest thing in the world for anyone to conduct state business on an outside, public mail service but it's still a reprehensible deed to rummage around in someone else's mailbox.

Apparently, the hacker got in because Governor Palin's account had "security questions" that were very easy for a stranger to guess with a little research. This does not surprise me.

Back in the days before we were all happily Internetting, some of us communicated via things called Computer Bulletin Boards, linked in via lethargic dial-up phone modem connections. At the time, it all seemed so futuristic and amazing that flying cars were the inevitable next step. Now, when I write about BBSystems, as we called them, it feels like I'm telling young whippersnappers about how I used to have to handcrank the family automobile machine to get it started.

I operated a couple of Computer Bulletin Boards and the software was very unsophisticated. Most of it made all private correspondence visible to the guy in my position, the System Operator. I had to actively try not to read everyone's mail and caution people that it was not impossible I'd get a glimpse of that which they wished no third party to see. When a new member signed up for the board, I had to approve his admission…and the computer screen on which I did this showed me the password he'd selected to use on my system. That might seem like no big deal but most people used the same password on every computer system. Some of them were even using their ATM Personal Identification Numbers or some other code to which I should not have had access.

As far as I know, this is no longer the case with the message boards and private groups we join on the Internet. But back then, the potential for mischief and larceny was immense.

It was also pretty simple to guess someone's password. We had a lot of comic book writers on my first BBS and about a third of them selected as their password the name of a character with which they were associated. My pal Steve Gerber, creator of Howard the Duck, used HOWARD as his password until he learned better. Penn Jillette of Penn 'n' Teller fame (or at least, someone claiming to be Penn) signed in with a password that I could have guessed if given five tries.

But the big, easy one was DRAGON. Of the first hundred professional writers who signed onto my first BBS, around a dozen used DRAGON as their password. I don't know how you figure the odds on that or why that word came to so many minds. Only one of them was involved with the Dungeons & Dragons cartoon series.

Once, a member phoned me up and said, "I've lost my password. Can you look it up and see what it is?" I asked, without looking anything up, "Might it have been DRAGON?" They said, "Yeah, that's it. Thanks." Later, on a Bulletin Board for folks who operated Bulletin Boards, someone compiled a list of obvious, overused passwords. DRAGON was number one, followed closely by SWORDFISH, DROWSSAP, the person's own name backwards and various cusswords. One person who operated a Muppet fan site announced that if he didn't stop them, 90% of his users would have KERMIT, FOZZIE, GONZO or some other popular Muppet name as their password.

When people hear today that an account or website has been "hacked," they imagine that some person with vast technical expertise has exploited a wormhole in the system and found some terribly complicated but effective method to get in. That does happen but an awful lot of "hacking" simply occurs because someone used an obvious password…or used it in too many places.

So protect your passwords and don't use anything that's even remotely associated with you. (For that matter, don't use a real name or word. Make up something that isn't in the dictionary and insert a couple of numbers into it.) And if your password anywhere is DRAGON, for God's sake, change it. This means you, Sarah.