Don't reuse passwords

Posted Jun 7, 2012 11:34 UTC (Thu) by dskoll (subscriber, #1630)
In reply to: 8 million leaked passwords connected to LinkedIn, dating website (ars technica) by liw
Parent article: 8 million leaked passwords connected to LinkedIn, dating website (ars technica)

Absolutely, one should never use the same password for two different sites.

I go in assuming that web sites are ripe for compromise (present company excepted, of course!) so to contain the damage, I use long (16 character or more) randomly-generated passwords. I only use shorter ones for the occasional broken web site that won't take such a long password.

And like others, I use a password keeper to store my passwords. I only need to remember the master passphrase.

True, a hacker who has access to my computer could steal my passwords. But my one little desktop computer presents a much smaller vulnerability surface than a bunch of high-profile web sites, so I think the tradeoff is worth it.


Don't reuse passwords

Posted Jun 12, 2012 0:35 UTC (Tue) by nevets (subscriber, #11875)

> Absolutely, one should never use the same password for two different sites.

Why not? I have the same password for facebook and google.plus. I have the same password for LWN and /. (but different than FB and G+, and now the LWN admins know my /. account ;-)

And I use the same password for all those stupid 'register here' crap (NY Times, etc). Thus if you break into one of my accounts for posting on a news site, you can pretty much post as me on all news sites.

But do I really care? No.

My bank password is unique, my VPN password is unique, basically I have a separate password for everything that actually matters. If I had a linkedin account (which I don't and delete once a week a new 'invite'), it probably would have been the same as my FB account, or my news account. Thus this break-in would only allow the attacker to mess with my virtual identities but not any of my real ones.

Don't reuse passwords

Posted Jun 12, 2012 19:12 UTC (Tue) by hummassa (subscriber, #307)

> Why not? I have the same password for facebook and google.plus. I have the same password for LWN and /. (but different than FB and G+, and now the LWN admins know my /. account ;-)

_Now_ G+ admins and FB admins know your account on each other...

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds