How and why does this happen?
Bruce Schneier is a revered computer
He was kind enough to fill us in on the details surrounding how hacks like these are possible.
How a Twitter account gets hacked
A person attempting to break into an account isn't hunched over a keyboard typing guessed password after guessed password until something works. He'll use a password cracker.
A password cracker is a piece of software that employs a technique to guess passwords much more quickly than a human ever could. The two most common approaches are the "brute force method" and the "dictionary method." While the dictionary method simply tries every word in a dictionary until it works, the brute force method tries every possible combination of characters (including numbers and punctuation) until something works.
Brute force will always eventually reveal the password, but it might take a long time.
Cracking software is only getting better, as Schneier explains on his blog:
"It's not just computing speed; we now have many databases of actual passwords we can use to create dictionaries of common passwords, or common password-generation techniques. (Example: dictionary word plus a single digit.)"
And as the cracking software gets better, passwords that were once good enough become effectively weaker and therefore easier to crack.
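To make the two methods concrete, here is an added Python example (not from the article or from Schneier) that estimates how many guesses each method needs for a given password. The word list is a constructed six-entry stand-in for the real password databases the article mentions, and the rule set (optional first-letter capitalisation, optional trailing digit) models Schneier's "dictionary word plus a single digit" example.

```python
import string

# Constructed stand-in for the "databases of actual passwords" Schneier describes;
# a real cracking dictionary holds millions of entries.
DICTIONARY = {"password", "dragon", "monkey", "letmein", "sunshine", "football"}

# Character classes a brute-force cracker cycles through.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def brute_force_space(password: str) -> int:
    """Keyspace of the brute-force method: every string of the same length drawn
    from the character classes the password actually uses."""
    alphabet = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))
    return alphabet ** len(password)


def rule_space() -> int:
    """Keyspace of the dictionary method with two mangling rules: each word as-is
    or first-letter capitalised (x2), with or without one trailing digit (x11)."""
    return len(DICTIONARY) * 2 * 11


def matches_rules(password: str) -> bool:
    """True if the password is one the dictionary-plus-rules cracker would generate,
    e.g. 'dragon', 'Dragon', 'dragon7' or 'Dragon7' (the 'word plus a digit' pattern)."""
    base = password[:-1] if password[-1:].isdigit() else password
    word = base.lower()
    return word in DICTIONARY and base in (word, word.capitalize())


def guesses_to_crack(password: str) -> int:
    """Worst-case guesses for a cracker that runs the cheap dictionary rules first
    and falls back to brute force only when no rule matches."""
    return rule_space() if matches_rules(password) else brute_force_space(password)


def report(password: str) -> str:
    """One-line summary of which method cracks the password and at what cost."""
    method = "dictionary+rules" if matches_rules(password) else "brute force"
    return f"{password!r}: {guesses_to_crack(password):,} guesses ({method})"


if __name__ == "__main__":
    # Constructed sample passwords; the last one is a made-up multi-word passphrase.
    for candidate in ("dragon7", "Dragon7", "Dragon77", "tableriverlamp"):
        print(report(candidate))
```

The point of the comparison is that "dragon7" looks like a 36-character alphabet raised to the seventh power to a naive brute-force model, but costs a dictionary cracker only 132 guesses.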
What Twitter can do to help protect its users
We asked Schneier if Twitter could implement a two-step verification login system (which Google's been using for a long time now). He said, "Yes, but usability is the most important consideration here. Twitter wants people to use their system, not be annoyed by the security."
Strategies to come up with your own secure passwords
Who better to ask for password advice than a security expert? Schneier actually endorses the above comic, saying it's "a good method."
Schneier's personal strategy is to use an open source program of his own design called Password Safe that generates super-secure passwords based on a string of text that you input.
You can use it yourself! It's free and you can read the details on it right here.
The future of security
My thought was that as computers get more powerful, that will make it easier to crack passwords in the future, but Schneier was quick to set me straight: "I'm not sure increased computing power has anything to do with it."
He suggests that the biggest threat to computer security is complexity. As he put it, "the internet and all the systems we build today are getting more complex at a rate that is faster than we are capable of matching. So security in reality is actually improving but the target is constantly shifting and as complexity grows, we are losing ground."
The bottom line
Your email, Twitter, and other accounts are only as safe as your password is secure. Be smart as you pick them. Use the methods described above – they come endorsed by a leading cryptographer and technologist.
He's quite literally giving you the tools to keep your data as secure as he does.