Never Get Hacked-- Chances Are, You Need to Read This!

Services for Real Estate Pros

hackerSometimes, people on AR email me and ask me for simple help. I don't mind helping people out, and if I can take a look at their Google+ page or maybe adjust something on their ActiveRain account, I usually do it.

People send me their passwords, which is fine, but I just ask that they change it as soon as I am done.

But folks, many of the passwords I get-- no, most of the passwords I get-- are pretty bad. This is no lie, and I'm not going to embarass anyone of course, but one very prominent ActiveRain blogger that I've known for years sent me his password and guess what it was?


Yep. His password was "PASSWORD"-- and this was for his main site. I asked him if he made that for me, and he'd change it back, but he said "nope, that's my password."

Sure, he put it in all caps, which is a little tricky, but not quite tricky enough, if I may say so.

If you're laughing at this particular gentleman, you might want to stop laughing, because you might be next!

I hear people tell me all the time: "My email was hacked" or "My Facebook was hacked" or whatever. I don't want to hurt anyone's feelings, but we aren't big enough targets to be "hacked" by anybody using real hacking tools. There are ways to hack a password using what's called a brute force attack, but it's highly unlikely that anyone reading this article is important enough to warrant that kind of attack- so I'm going to explain how you, or your friends, or anyone who has ever told you that they've been "hacked" has been hacked.

1. This is huge; if you follow this one, you will probably never be hacked: Don't use the same password on more than one site or for that matter, one "thing", ever.

Let's say I set up a website and I offer something free. And it's a really nice website too- a total first class job. I offer you free downloads and all kinds of fantastic stuff if you sign up for a free membership. Just like ActiveRain for example. Or Vimeo-- pick a site.

And you give me, or my coworker, or maybe my staff-of-a-thousand the same password that you use for your bank. Or something so similar, someone could figure it out. You use Vanilla8346 for AR, but vanilla8346 for your bank. Oooh, tricky!

Never, ever use the same password from site to site. Not ever. If you follow this rule, you probably won't ever be hacked. But let's continue on the less likely.

2. Just about 20 minutes ago, somebody here on ActiveRain asked me to login to their Google plus profile to take a look around. This particular Realtor had taken the extra (and very smart) precaution of giving Google her telephone number for "2 step verification". You can read about that here.

Google asked me, "Is that really you RealtorName? Please verify your telephone number."

I was trying to work fast, and I didn't want to wait for the Realtor to email me back, so I went to their public ActiveRain profile, saw her cell phone number, gave it to Google, and I was in. Easy peasy lemon squeezy. So much for 2-step verification. It doesn't work if you give Google a cell phone number that everyone has.

3. This is the least dangerous, but it's still dangerous: You do use different passwords, but you make them all "easy to remember."

If someone was paying me to hack into your account, which of course, I would never do...this is how it's done. This is a ridiculous scenario for someone who is not a politician or a public figure, but it could be used on a Realtor or a mortgage broker too, I suppose.

The first thing I'd want to do is find out as much about you as I can.

I'm going to go to Facebook and get your birthdate. You don't display the year? Keep it, there are only a small amount of years that you could be born in-- I'll just try them all. I'll also go to LinkedIn and see where you graduated; I need all and any information I can get.

I'm going to get your kid's names, and your spouse's name. I'm going to get their birthdays too. I'm going to take note of your favorite bands, hobbies and anything else that you make public. I might have a wealth of information (because maybe you are an open book on the internet), or I might just get a little information.

I take that information and feed it into a "brute force" type password hacking tool and then I go to sleep. The program will start with those keywords. If you use your husbands birthday and some random word-- like peanuts040971-- and there is no connection to peanuts in your life-- that's good, but it's still an English word and the program will eventually guess it, long before it moves on to straight random characters.

A brute force hacking attempt always guesses real words first.

I recommend a password storage system and random characters. All of my passwords, including ActiveRain, look something like this: aHs34-!-5F&#t5g

I just mash my hands into the keys and then store the password on my computer, which is backed up locally. I couldn't tell you what my ActiveRain password is if you threatened me with torture. I just copy and paste when I login. Sure, I'm over-cautious, but I don't want to be hacked.

I can't vouch for it, but I heard RoboForm for the PC is good. But again, I've never used it.

On my Mac, I use DataVault Password Manager, located in the app store.

But I've probably already told you way too much...

Posted by

seo guru

Comments (100)

Jan Green
Value Added Service, 602-620-2699 - Scottsdale, AZ
HomeSmart Elite Group, REALTORĀ®, EcoBroker, GREEN

GREAT BLOG!  I know that several of us could use this lesson!  Read every word with interest. I'm sure you'll create some clients this way!

Aug 23, 2012 12:10 PM
Demarco & Marisa
Remax Kings Realty - Riverside, CA
"The Choice is Clear!"

Wow! My next assignment is to change my password(s). Good info, but yet another thing for us to manage. ~Marisa

Aug 23, 2012 01:22 PM
Dennis Duncan
Los Angeles, CA

Great tips here.  Much appreciated.



Aug 23, 2012 04:38 PM
Karen Berg
Queen Creek Realtor, San Tan Valley Realtor, United Brokers Group (602)919-2375 - Queen Creek, AZ
Experience Matters!

Thanks so much for the tips!   Now that I am scared to do you store them if you use several computers like a netbook, I Pad and notebook?

Aug 24, 2012 12:06 AM
Sharon Tara
Sharon Tara Transformations - Portsmouth, NH
New Hampshire Home Stager

Just made some changes...thanks for the great advice and congrats on the Feature!

Aug 24, 2012 02:05 AM
Elisa Uribe Realtor #01427070
Golden Gate Sotheby's International - Oakland, CA
Opening the Doors to California Homes -East Bay

Wow, what an education I just got. Time to make a few changes to a few sights:) thank you

Aug 24, 2012 03:52 AM
Ginny Gorman
RI Real Estate Services ~ 401-529-7849~ RI Waterfront Real Estate - North Kingstown, RI
Homes for Sale in Southern RI and beyond

Michael, my web site was hacked last year so i know what it is like to have to recreate things even with back scared me again enough to go change my passwords to be a bit more complicated.  You are so right...i didn't make 2 the same!

Aug 24, 2012 08:42 AM
Dorie Dillard Austin TX
Coldwell Banker Realty ~ 512.750.6899 - Austin, TX
NW Austin ~ Canyon Creek and Spicewood/Balcones

Good morning Michael,

I missed this post but caught it on Kathy's Sunday Ah-ha moment post this morning. Excellent tips..definitely time to make some changes!!

Aug 25, 2012 10:00 PM
Kathy Streib
Room Service Home Staging - Delray Beach, FL
Home Stager - Palm Beach County,FL -561-914-6224

  Thanks for the Ah-ha moment!
Featured you in my Weekly Post!

Aug 25, 2012 10:36 PM
Bruce Walter
Keller Williams Realty Lafayette/West Lafayette, Indiana - West Lafayette, IN

This is great information, Michael.  I do see where I need to change a few passwords(I do have different ones for different accounts.)  Thanks!

Aug 25, 2012 11:24 PM
Cindi Susi
Keller Williams at the Beach - Lewes, Delaware - Lewes, DE
Thanks Michael. I always try to be sure to use letters, numbers and characters in my passwords. The tough part is remembering all of them.
Aug 25, 2012 11:42 PM
Tom Arstingstall, General Contractor, Dry Rot, Water Damage Sacramento, El Dorado County - (916) 765-5366
Dry Rot and Water Damage Mobile - 916-765-5366 - Placerville, CA
General Contractor, Dry Rot and Water Damage

Great information on the passwords Michael.

Is "abc123" good?  Just kidding.

Aug 26, 2012 01:04 AM
Melissa Marro
Keller Williams First Coast Realty - The Marro Team - Orange Park, FL
Jacksonville Real Estate and Home Staging

It was great to see Kathy feature this as part of her weekly what I learned on Active Rain this week. I think it's a must read for most of us. 

Aug 26, 2012 01:59 AM
Mel Ahrens, MBA, Kelly Right Real Estate
Kelly Right Real Estate - Hood River, OR
Customized Choices for your Real Estate Needs

Very good info and reminder for all of us. I try to make my passwords hard to break and different ones for everything, but I keep forgetting them. I like the sites that let you reset the password using secret questions that I can always remember (like my first pet etc).


Aug 26, 2012 04:42 AM
Susan Neal
RE/MAX Gold, Fair Oaks - Fair Oaks, CA
Fair Oaks CA & Sacramento Area Real Estate Broker

Hi Michael - I did have to laugh because I have heard from several anti-hacking experts that the most common password is PASSWORD, and the second most common one is 12345678.  A reformed hacker who spoke at an event I attended said that most hackers will start with those two first, before they try anyhting else.

I use nonsense combinations of letters and numbers, with some caps and some not, and I have over a dozen different ones, and I also have over a dozen user names.  I use the same ones over and over, but in different combinations. I can remember them all, but sometimes I don't remember which matches up with which, so I have a cheat sheet stashed in my home, rooms away from my home office.  I don't trust putting them all on line for fear that will get hacked.

Aug 27, 2012 05:17 AM
Sharon Parisi
United Real Estate Dallas - Dallas, TX
Dallas Homes

Michael, this is important information that we all need to pass on.  It sounds like there are many hackers who enjoy research and many people who are clueless about the importance of using secure passwords.

Aug 27, 2012 02:50 PM
Joan Whitebook
BHG The Masiello Group - Nashua, NH
Consumer Focused Real Estate Services

Great advice, but how does one "remember" the password for each site?  Help.

Aug 31, 2012 12:07 PM
Pete Xavier
Investments to Luxury - Pacific Palisades, CA
Outstanding Agent Referrals-Nationwide

I need to step up my own security.

I hear Windows 8 will have a better security upgrade.

Aug 31, 2012 12:12 PM
Sheila Anderson
Referral Group Incorporated - East Brunswick, NJ
The Real Estate Whisperer Who Listens 732-715-1133

Good morning Michael. Ron Mardshall sent me over and I'm glad he did. Very informative. Thanks so much for the great tips.

Aug 31, 2012 09:55 PM
Wayne B. Pruner
Oregon First - Tigard, OR
Tigard Oregon Homes for Sale, Realtor, GRI

Thanks for the advice. I need to change up my passwords, but there are so many places where you need one!

Nov 20, 2012 12:35 PM