Tuesday, April 13, 2010

Bad idea: Using the same password on multiple websites

I just received an email today that reminded me why it's a very bad idea to use the same password on multiple websites.

A few days ago, some hackers compromised an Apache server which contained a hash of each user's account password. A brute-force approach will reveal a number of the weaker passwords which the attackers will then likely use to compromise accounts on other popular systems like Gmail. The email was warning me to change all my passwords on the other websites where I use the same username/password.
"We (the Apache JIRA administrators) sincerely apologize for this security breach."
At least they were sorry. ;-)

I know it's a real pain, but if you aren't using different passwords for different websites, start doing it now. It's much better than trying to clean up the mess after someone hacks your email, banking, and who-knows-what-else accounts.
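To see how far the damage from one leaked hash table spreads, here is a small simulation (an added example, not code from the Apache notice or from this post). The unsalted SHA-256 storage, the wordlist, the users and every password in it are constructed assumptions.

```python
import hashlib

# Constructed guess list standing in for an attacker's dictionary.
WORDLIST = ["123456", "password", "letmein", "qwerty", "monkey"]

def fast_hash(password):
    """Unsalted SHA-256; an assumed storage format, the post does not name one."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

# Constructed accounts: what each user typed on the breached site and elsewhere.
BREACHED_SITE = {"alice": "letmein", "bob": "qwerty", "carol": "t7#Vq9!mZp2$Lx"}
OTHER_SITES = {
    "mail": {"alice": "letmein", "bob": "R4nd0m-unique-91", "carol": "t7#Vq9!mZp2$Lx"},
    "bank": {"alice": "letmein", "bob": "another-Unique-55"},
}
# What the intruders actually obtained: user -> hash, no plaintext.
LEAKED = {user: fast_hash(pw) for user, pw in BREACHED_SITE.items()}

def recover_weak(leaked, wordlist):
    """Return {user: password} for each leaked hash that a wordlist guess matches."""
    lookup = {fast_hash(guess): guess for guess in wordlist}
    return {user: lookup[h] for user, h in leaked.items() if h in lookup}

def exposed_elsewhere(recovered, other_sites):
    """Return sorted (user, site) pairs where the recovered password was reused."""
    hits = []
    for user, pw in recovered.items():
        for site, accounts in other_sites.items():
            if accounts.get(user) == pw:
                hits.append((user, site))
    return sorted(hits)

if __name__ == "__main__":
    recovered = recover_weak(LEAKED, WORDLIST)
    print("recovered from hashes:", sorted(recovered))
    print("also exposed on:", exposed_elsewhere(recovered, OTHER_SITES))
```

Bob's weak password is recovered too, but because he used it on only one site the breach stops there; Alice loses her mail and bank accounts along with it.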

2 comments:

  1. Yeah, I couldn't agree more.

    I use LastPass for storing my passwords in the cloud. It lets me access my passwords and automatically signs me in on any computer in which their plugin is installed. It sounds incredibly vulnerable but really it's not that bad. They encrypt the passwords they store for you and they don't have the key, only you do. If you lose your key there is no recovery, but that just proves that your stored encrypted passwords are useless without possessing the key as well.

  2. I have my passwords tattooed upside down on my chest. It's only a problem when I'm at the beach. ;-)
