Tuesday, April 13, 2010

Bad idea: Using the same password on multiple websites

I just received an email today that reminded me why it's a very bad idea to use the same password on multiple websites.

A few days ago, some hackers compromised an Apache server which contained a hash of each user's account password. A brute-force approach will reveal a number of the weaker passwords, which the attackers will then likely use to compromise accounts on other popular systems like Gmail. The email was warning me to change all my passwords on the other websites where I use the same username/password.

"We (the Apache JIRA administrators) sincerely apologize for this security breach."

At least they were sorry. ;)

I know it's a real pain, but if you aren't using different passwords for different websites, start doing it now. It's much better than trying to clean up the mess after someone hacks your email, banking, and who-knows-what-else accounts.