Oct 7, 2009

Disturbing Password News

Over the last week there have been many reports that tens of thousands of email addresses from MSN, Yahoo, AOL, Google, Comcast and Earthlink have been compromised in what is believed to be a large-scale phishing operation.

Today, an analysis of the leaked passwords was released and published by Wired:

  A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456” was the most commonly used password, appearing 64 times.

This is extremely disturbing, but what is equally disturbing are results about password-reuse recently published by Tim Nash, an Information Architect:

  A scary 92% of people use the same password across all websites including their email accounts.

What most people don't realize is that if you lose control over your email account, then you've effectively lost control over ALL of your accounts. Once your email account has been compromised, a hacker can easily use the 'password reset' feature for all of your other accounts to gain exclusive access to them. If you use the same password across multiple sites, then all of them are only as secure as the least secure site: an attacker simply has to break the weakest link in the chain.

Here are some tips to help protect yourself in the future:
  • Use a password manager like LastPass to generate complex, secure, random, unique passwords for all of your accounts
  • Never click on links within emails to open websites - always manually type the URL in the browser search bar or find it using a search engine
  • Avoid using untrusted computers or networks to access your critical accounts
  • Change the passwords for your critical accounts routinely

If you use LastPass as your password manager, consider increasing security by using LastPass One Time Passwords. LastPass Premium members can also use a YubiKey, and/or LastPass Sesame to gain the benefits of multifactor authentication.