ElDiabloConCaca
U.S.D.A. Prime
This is taken from another thread I posted in, but I believe it contains valuable information about making up a strong password that is not easily guessed (or "hacked," as some like to misrepresent it):
I don't mean to come off sounding like a naysayer, but someone guessing a weak password should not and is not considered "hacking," nor does it matter whether or not you use Windows, Mac, Linux, UNIX, DOS, BeOS, or any other flavor of operating system in this case.
Hotmail is available to everyone, regardless of platform, so the type of computer you use has absolutely zilch to do with the "hacking" of a Hotmail account.
A weak password is usually the culprit, as many here have found, and exploiting a weak password is the simplest of "hacking" techniques, though it can hardly be called "hacking." Your Hotmail password was simply guessed by someone -- it was not "harvested" by malware installed on your Mac.
It does sound like Hotmail tech support is handing out canned answers to common problems:
"Someone hacked into my account!"
"Well, that's because more than likely you're infected with malware."
I think, more than likely, that Hotmail accounts that have been compromised have been compromised because people choose extremely poor passwords, or use the same password across multiple sites -- both extremely unintelligent things to do, like using the exact, same key for your house, car, boat, lockbox, safe, and safety deposit box. Once they have one, they've got them all because little to no precaution was taken to protect anything.
This happens quite frequently (in fact, more frequently than it should, simply because of laziness). It's akin to building a fortress, complete with a moat, motion-sensing sensors, motion-sensitive lights, laser beams, crocodiles, sharks with lasers on their heads, spike pits and banana peels strategically placed throughout said fortress, then putting a plastic Fisher-Price lock on the front door -- rendering every other security precaution moot. A weak password is the weak-link "chink" in the armor that the sword passes through without effort: all that protection for nothing.
Lessons learned:
1) Don't use a weak password. Ever. At all. At any time. For anything. Use a password that is at least 8 characters long, and includes both upper- and lower-case letters, numbers, and symbols. The 8-character requirement is because even with the super-est of super computers on the planet, all put together, all working in unison, it would take more years than you will live and your children will live to go through all the possible combinations of letters, numbers and symbols. It is programmatically infeasible to guess a strong, 8-character password in any reasonable amount of time. With 7 characters, you're talking a day -- maybe hours. 6 characters takes minutes. 5 characters would take seconds. You get the drift.
2) Don't use the same password for two different ANYthings. "But I can't remember all those passwords!" Tough titty. Get over it. Get a better memory. Get a piece of paper and a pencil. Get something.
3) Your password should change, at the very minimum, twice a year, and ideally once a month. Yes, it's tough to remember all those new passwords. No, no one has sympathy for you. If that's the toughest thing you have to do to protect your sh*t online, well, I'd say that's a pretty easy life you've got going there.
4) There are no malware/viruses/trojans for Mac OS X that "harvest" Hotmail password nor spies on your keystrokes. At all. In existence. That's not the culprit, no matter what the boneheads at Hotmail tech support say.
A good password is something like, "Gg6y(0!h54".
A horrible password is "JLH_1976". That's my initials and my birth year. An equally pathetic password would be "1J9L7H6", for very obvious reasons. Choose a password that is gibberish -- has absolutely no meaning -- no significant dates -- no initials -- nothing that means anything to you at all. If you can remember the password without having typed it several hundred times, you have chosen an inferior, pathetic and lazy password.
Right now, we should all be hearing each other's feet scrambling out the door to the nearest password-protected website to change our passwords, once again.
[End rant]