All sane web sites use digest algorithms like MD5 or SHA1 to store passwords. That means they store a checksum of sorts. You can think of it as adding up the character values of all characters in the password and just storing that sum. Of course the actual algorithms used are a lot more complex, to make it extremely expensive (computationally) to come up with a password that generates a certain known checksum. Whenever you type your password, the site calculates the checksum for the password you typed, and compares the calculated checksum to the one stored in the user database. If they match, they let you in. You could get away with typing a different password which happens to generate the same checksum as your actual password, but the chance of that happening is typically less than 1 in 10^36.

The most effective way to attack this kind of database is to write a program that makes educated guesses at passwords, such as trying every word in a dictionary, possibly with a 1-3 digit number appended. For reasonably short passwords, you could also try a brute-force attack, which means trying all possible combinations of the characters people are likely to use in a password (or all possible characters, but that takes a lot more time).

To create a good password, you need to make sure it’s not in any dictionary that anyone has access to, not even a hacker slang word list. Some of the characters also need to be capital, and not just the first one. You should add digits and special characters, and not just at the end. And it mustn’t be too short (at least 8 characters is recommended). Also, don’t use the same password for different sites. Some of the sites you visit WILL get hacked, and if they manage to crack your password at one site and have your email address, they could soon be logging into your accounts at a lot of other sites too.
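The two mechanisms described above, the digest-and-compare login check and the password rules, as an added example (not code from the original post): the wordlist is a tiny constructed stand-in, SHA-1 is used only because the text names it, and the rule that digits and specials must appear somewhere before the trailing run of digits/specials is one reading of "not just at the end".

```python
import hashlib
import hmac
import re
import string

# Constructed stand-in for "any dictionary anyone has access to".
# A real check loads large wordlists (including slang lists) from disk.
WORDLIST = {"password", "secret", "dragon", "letmein", "monkey", "welcome"}


def in_dictionary(password: str) -> bool:
    """True if the password is a wordlist entry optionally followed by
    1-3 digits (case-insensitive), i.e. exactly the guesses the text describes."""
    stem = re.fullmatch(r"(.*?)\d{0,3}", password).group(1)
    return stem.lower() in WORDLIST


def policy_problems(password: str) -> list[str]:
    """Return the list of rules from the text that the password violates."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if in_dictionary(password):
        problems.append("dictionary word, possibly with digits appended")
    if not any(c.isupper() for c in password[1:]):
        problems.append("no capital letter beyond the first character")
    # Digits/specials that only form a trailing run do not count.
    core = password.rstrip(string.digits + string.punctuation)
    if not any(c.isdigit() for c in core):
        problems.append("no digit before the trailing run")
    if not any(c in string.punctuation for c in core):
        problems.append("no special character before the trailing run")
    return problems


def store_digest(password: str) -> str:
    """What the site keeps instead of the password: its SHA-1 hex digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def verify(typed: str, stored_digest: str) -> bool:
    """Recompute the digest of what was typed and compare it to the stored one."""
    return hmac.compare_digest(store_digest(typed), stored_digest)
```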

To keep track of all your different account names and passwords (and to remember which accounts you have opened!), you probably need software that stores all this information in encrypted form, protected by one really good password. That personal account/password database should probably be kept offline, perhaps on your phone.