8 million leaked passwords connected to LinkedIn, dating website (ars technica)
Posted Jun 6, 2012 20:21 UTC (Wed) by hitmark (guest, #34609)
That relies on being able to keep the data files storing all those passwords safe. And not just from outside threats but also hardware and software failure.
8 million leaked passwords connected to LinkedIn, dating website (ars technica)
Posted Jun 6, 2012 20:24 UTC (Wed) by ms (subscriber, #41272)
Then use something like oplop.
8 million leaked passwords connected to LinkedIn, dating website (ars technica)
Posted Jun 6, 2012 20:47 UTC (Wed) by drag (subscriber, #31333)
> That relies on being able to keep the data files storing all those passwords safe. And not just from outside threats but also hardware and software failure.
If an attacker has access to your user account then they have access to your passwords. It doesn't matter if you type them in, use an encrypted store on a keyring, a spreadsheet on a truecrypt encrypted USB drive, ssh private public keys, have your browser store them, or use a plain text file at ~/.secret. If you use it and can access it from your user account then the attacker can access it too.
Really, though, using a password management mechanism of some sort is extremely advantageous. Once you stop needing to memorize your passwords it's very easy to use unique, long, and very random ones.
8 million leaked passwords connected to LinkedIn, dating website (ars technica)
Posted Jun 7, 2012 0:06 UTC (Thu) by flammon (guest, #807)
I use Revelation for that and have a few backups of the file on different systems.
8 million leaked passwords connected to LinkedIn, dating website (ars technica)
Posted Jun 7, 2012 14:45 UTC (Thu) by proski (subscriber, #104)
I use Revelation too and I'm looking for an alternative. The problem with Revelation is that it keeps all data in one binary file. There is no automatic way to merge changes made on different systems.
8 million leaked passwords connected to LinkedIn, dating website (ars technica)
Posted Jun 7, 2012 14:44 UTC (Thu) by NAR (subscriber, #1313)
I've downloaded Bruce Schneier's password manager, used a new safe password, added some passwords to the tool - and the next week when I tried to access it, I forgot the master password :-( The problem of a rarely used password.
By the way, currently I need two passwords (disk encryption, login) on my Windows laptop to get to a point where I can start the password manager. Life sucks.
Don't reuse passwords
Posted Jun 7, 2012 11:34 UTC (Thu) by dskoll (subscriber, #1630)
Absolutely, one should never use the same password for two different sites.
I go in assuming that web sites are ripe for compromise (present company excepted, of course!) so to contain the damage, I use long (16 characters or more) randomly-generated passwords. I only use shorter ones for the occasional broken web site that won't take such a long password.
And like others, I use a password keeper to store my passwords. I only need to remember the master passphrase.
True, a hacker who has access to my computer could steal my passwords. But my one little desktop computer presents a much smaller vulnerability surface than a bunch of high-profile web sites, so I think the tradeoff is worth it.
Don't reuse passwords
Posted Jun 12, 2012 0:35 UTC (Tue) by nevets (subscriber, #11875)
> Absolutely, one should never use the same password for two different sites.
Why not? I have the same password for facebook and google.plus. I have the same password for LWN and /. (but different than FB and G+, and now the LWN admins know my /. account ;-)
And I use the same password for all those stupid 'register here' crap (NY Times, etc). Thus if you break into one of my accounts for posting on a news site, you can pretty much post as me on all news sites.
But do I really care? No.
My bank password is unique, my VPN password is unique, basically I have a separate password for everything that actually matters. If I had a LinkedIn account (which I don't and delete once a week a new 'invite'), it probably would have been the same as my FB account, or my news account. Thus this break-in would only allow the attacker to mess with my virtual identities but not any of my real ones.
Don't reuse passwords
Posted Jun 12, 2012 19:12 UTC (Tue) by hummassa (subscriber, #307)
> Why not? I have the same password for facebook and google.plus. I have the same password for LWN and /. (but different than FB and G+, and now the LWN admins know my /. account ;-)
_Now_ G+ admins and FB admins know your account on each other...