Atlantic Wire has five good password tips. Here’s the first:

Rule 1: Six characters is too always too short. The very easiest and the first thing all of Arss hackers did was guess your super weak six character passwords, via whats called a “brute force” attack. See, the most successful of the hackers, Jeremi Gosney, a password expert with Stricture Consulting Group, hacked 62 percent of the list in sixteen minutes because thats how easy it is to guess a code thats just six letters long.

via The Easiest Ways Not to Get Hacked – Rebecca Greenfield – The 

The Verge reports on an ugly development, a company that had failed to secure its data threatening to sue the reporters who wrote about their failure. Sounds something like a SLAPP (Strategic Lawsuit Against Public Participation). If I were the judge on such a case, I would hesitate about 10 seconds before imposing Rule 11 sanctions on any lawyer bringing such a suit:

After being made aware of a large and potentially costly privacy breach exposing more than 170,000 records containing Social Security numbers and financial information, the two companies responsible for the blunder are threatening legal action against the journalists that uncovered it. The companies’ lawyers claim that by using “automated means” like the Wget command-line utility to download the records instead of an ordinary web browser, the “hackers” have violated federal cybersecurity law and should expect to be held liable for any financial damages that result.

via Telecom companies threaten to sue reporters for uncovering privacy breach with Google | The Verge.

A bad phishing experience prompted a CNET writer to come up with an interesting plan to consolidate contact lists to reduce the chance of similar problems:

The contact-list hijacking got me thinking about the best way to prevent a recurrence. Because part of my job is testing e-mail, I have more accounts than I need, including three different Gmail accounts, two Outlook.com accounts one the former Hotmail account, a Yahoo Mail account, and accounts with two different ISPs.

All the Web mail accounts had contact lists, although I had already deleted the addresses from Hotmail. In an attempt to reduce the overall risk, I ditched the duplicates and consolidated the contacts into a single address book. By removing the contact lists from the Web mail accounts and switching my primary address from Gmail to an ISP address, there would theoretically be only one point of access to the addresses.

In terms of functionality, theres not much difference between Web mail and ISP mail, although there are some trade-offs. For example, my ISPs mail system lacks Gmails options for managing your inbox and contact list. On the other hand, the ISP mail window is ad-free.

Some people claim Gmail and other Google services constitute a privacy threat, but most experts consider the risk minimal, especially compared to the privacy threats posed by such industries as banking and health care, not to mention the government.

To convert the Gmail, Yahoo Mail, and Outlook.com accounts to receive-only, I forwarded their incoming mail to the ISP account. I use the ISP address to reply to most messages and to send new messages, so that’s the only account that needs a contact list.

There’s no guarantee the ISP account wont be hacked at some time, but reducing the number of occurrences of each contact narrows the target for phishers.

via Deter phishing attacks by consolidating your contacts | How To – CNET.

The author goes on to explain how he went about reducing the risk. It seems like you could get a comparable security improvement by consolidating in the account you considered safest, not necessarily an ISP account.