One of the big internet media companies (Gawker Media) had a their user database of usernames and passwords leaked this weekend, including one of my favorite sites http://lifehacker.com. I hope none of my dear readers usernames or passwords were leaked (like mine was), but it goes as a lesson that this could happen to anyone. The lesson to be learned is:
don’t use the same password on multiple sites
and when creating a password, use a strong password, containing letters, numbers, symbols, or is really long (>20 characters). "Pass phrases" are best like "letsgetsomeicecream" or at least multiple words like "blackkeyboard". Some suggest using motivational phrases to remind you of things, like "drinkmorewater" or "exercise20minutesdaily". Single words, parts of your name, simple numbers etc can be hacked in just minutes. When a leak like this occurs, the world has access to your username and password. If you use that password anywhere else they have practically instant access to all other sites you use that password on, like your bank, facebook, email, etc.
Here is some interesting reading on the topic:
This is written to inspire the reader to think more securely and update insecure passwords so it doesn’t happen to you. Remember, in today’s age of computers your username and password will be leaked, it’s like having your hard drive crash and losing all the data on it… it will happen you to, it’s just a matter of when, so be prepared now.
p.s. In my case I use a separate password for every site, usually multiple words phrases with numbers and symbols too so the leak didn’t cause any personal damage.
p.p.s. If you create websites, store and enforce passwords properly, see these links to learn more: Dictionary Attacks 101, Smart Enough Not to Build this Website, Rainbow Hash Cracking, and Using Salt Tables.