All Those Stolen Passwords - What Does It Mean To You?

The revelation that over a billion passwords have been stolen by a Russian crime ring is causing a ruckus on several levels. First, with numbers that huge, it seems more a question of which of us did NOT have our account information stolen. Also, the nature of the revelation has raised some other issues about the motives (or at least the timing) of Hold Security, the company that raised this alarm. So, what should be the takeaway for the rest of us?

First, the 1.2 billion number may be a bit misleading, although the actual number of live accounts is still shockingly high. This type of theft is an ongoing phenomenon; we just learn about it in waves.

Second, we apparently can't rely on the "good guys" keeping this sort of data safe - many of these accounts were grabbed using "SQL injection", a well-known technique that can be mitigated with established practices (parameterized queries, input validation), but which still does not get the attention it should.
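To make the mitigation concrete, here is an added example (not code from the original post or from Hold Security) showing the classic mistake beside its fix. It builds a throwaway in-memory SQLite table of constructed, hypothetical users, then runs the same lookup two ways: once by pasting the username straight into the SQL text, and once with a parameterized query. The function and table names are assumptions for the demonstration only.

```python
import sqlite3

# Constructed sample data for the demonstration: hypothetical users, not real accounts.
SAMPLE_USERS = [
    ("alice", "hash-of-alice-password"),
    ("bob", "hash-of-bob-password"),
]


def make_db():
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    # executemany with placeholders is itself the safe way to load data.
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable lookup: the caller's string becomes part of the SQL itself.

    Anything the user types is interpreted as SQL syntax, so a crafted value
    can change the WHERE clause and dump rows the caller should never see.
    """
    sql = ("SELECT username, password_hash FROM users "
           "WHERE username = '" + username + "'")
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened lookup: a parameterized query.

    The SQL text is fixed; the driver hands the value to the engine
    separately, so quotes or keywords in the input are just characters
    in a string literal and never alter the query's structure.
    """
    sql = "SELECT username, password_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(username):
    """Return (rows from the unsafe lookup, rows from the safe lookup)."""
    conn = make_db()
    try:
        return lookup_unsafe(conn, username), lookup_safe(conn, username)
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal username behaves the same either way.
    print(compare("alice"))
    # A value carrying SQL syntax is where the two diverge: the unsafe
    # version matches every row, the safe version matches none.
    print(compare("' OR '1'='1"))
```

The point for defenders is the asymmetry: the parameterized version costs nothing extra to write, yet it removes the whole class of bug, which is why reviews and static analysis should flag any query assembled by string concatenation or formatting.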

Third, and I submit this is the most important thing: assume your account information may be stolen at some point (if it has not been already) and make a strenuous effort NOT to reuse passwords. If you DO use the same username and password across multiple sites, a breach at any one of them exposes your accounts at all the others - think about it.

If your complaint is that you can't remember a bunch of usernames and passwords, then consider using a password safe of some kind. These let you use a single master password to access all your stored credentials, so in effect you don't have to remember all the other usernames and passwords.
