You used a shitty password
Passwords are hard, and losing your primary email can pretty much stop your life while you attempt to regain control. Luckily, there is a lot you can do to keep yourself from becoming the low-hanging fruit. After this section, not only will you be able to protect yourself, but you’ll be able to share this with others.
- Read this: http://www.passwordanalytics.com/theory/passwords/
- Read Passwords 101 and submit one example each of the three ways you authenticate yourself.
- Read Good Passwords 101 and submit a description of what makes a good password.
- Read Strength 101 and submit a description of what makes a strong password.
- Read Pass-Phrase and describe how pass phrases balance being a good password and a strong password.
- Read Cracking and explain which technique an attacker would use to attack a password that they knew to be 6 random alphanumeric characters.
- Read Cracking and explain which technique an attacker would use to attack a password that they knew to be three random words added together.
- Read this and follow interesting links: https://web.archive.org/web/20170704130144/https://www.usna.edu/CyberDept/sy110/lec/cryptHashPswd/lec.html
Here is a brief experiment for you to try. Make a rough guess at how many of the websites you use regularly have your primary email as their account recovery address. Now think about which of those sites matter most to keep secure: social media, banking, other email accounts. Now think of the sketchy sites where you reuse the same password. If one of those sketchy sites is breached and the attacker gets your password, they can try it against your email. If they get into your email, they can use it to take over your other accounts. This is called "password stuffing".
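The experiment above can be run as a small audit of your own account inventory. This is an added example, not part of the original page; the account names, the `pw` labels and the `exposed_by` function are all constructed for illustration.

```python
# Constructed inventory (not real accounts). "pw" is only a label saying which
# password an account uses, never the password itself. "recovery" names the
# account whose mailbox can reset this one.
ACCOUNTS = {
    "primary-email": {"pw": "A", "recovery": None},
    "bank":          {"pw": "B", "recovery": "primary-email"},
    "social":        {"pw": "C", "recovery": "primary-email"},
    "old-forum":     {"pw": "A", "recovery": "primary-email"},  # reuses the email password
    "second-email":  {"pw": "D", "recovery": "primary-email"},
    "photo-backup":  {"pw": "E", "recovery": "second-email"},
}


def exposed_by(breached, accounts):
    """Map every account lost after `breached` leaks its password to the reason.

    Two rules from the paragraph above are modelled:
      1. the leaked password opens every account that reuses it;
      2. a taken-over mailbox can reset every account that recovers through it.
    A reset does not reveal the old password, so only the breached site's
    password counts as leaked.
    """
    leaked_pw = accounts[breached]["pw"]
    exposed = {breached: "breached"}
    changed = True
    while changed:  # repeat until no further account falls
        changed = False
        for name, info in accounts.items():
            if name in exposed:
                continue
            if info["pw"] == leaked_pw:
                exposed[name] = "reused password"
            elif info["recovery"] in exposed:
                exposed[name] = "reset via " + info["recovery"]
            else:
                continue
            changed = True
    return exposed


if __name__ == "__main__":
    # Rank each site by how much is lost if that one site is breached.
    for site in sorted(ACCOUNTS, key=lambda s: -len(exposed_by(s, ACCOUNTS))):
        lost = exposed_by(site, ACCOUNTS)
        print(f"{site:14} -> {len(lost)} account(s): {lost}")
```

With this inventory a breach of `old-forum` takes every account, while giving `old-forum` its own password limits the damage to `old-forum` alone.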