http://www.telegraph.co.uk:80/et?ac=000154642417163&rtmo=aua69d9J&atmo=99999999&pg=/et/99/5/6/nhak06.html

ISSUE 1441, Thursday 6 May 1999

Free e-mail 'wide open to hackers', By Robert Uhlig

THE most popular free web-based e-mail services are vulnerable to snooping and interference by hackers, according to Internet security specialists.

Microsoft's Hotmail, Yahoo Mail and Excite Mail all fail to provide a basic security feature normally used to keep out hackers and snoopers. They allow users an unlimited number of attempts to log on, rather than locking them out after a couple of attempts if they get the password wrong, the experts said.

Ira Winkler, president of the Internet Security Advisers' Group, said this allowed hackers to use "an automated dictionary attack", which tries vast numbers of different passwords until the correct one is found.

Hotmail tightened its security in response to the ISAG's findings. Yahoo has also made changes and Excite is believed to be considering the matter but other free e-mail services could still be at risk.

-- Old Git (anon@spamproblems.com), May 05, 1999

Answers

Use a good password and you don't have to worry too much. "Good" means, number one, it's not a word in the dictionary, and it's at or near the maximum length they allow. I'll use either nonsense syllables that I can remember phonetically, or an acronym of a phrase I can remember.

-- Shimrod (shimrod@lycosmail.com), May 06, 1999.