We've got to maintain a certain level of 'street-cred'.

Why You Must Use a Different Password For Each Account

“Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.” — Clifford Stoll

A work laptop. An online banking account. A Facebook profile. A Twitter account. The list of items that the average person must access today by means of a password is large and ever growing. It’s not uncommon for an enterprise network administrator to have to memorize a couple of dozen server passwords. The average UNIX and Linux user has about 25 accounts but uses only 5 passwords. Keep in mind that this is in an enterprise environment in which password and network security are generally enforced. For the everyday internet user who is navigating the largely untamed wilderness of the web, password security becomes a matter of personal responsibility. Unfortunately, just a single user neglecting this issue can compromise entire systems. It is not to be taken lightly, yet over 10% of you have a password like 'password' or '123456'. Really? 123456? I would not use that on my luggage.

This is a timely topic since Twitter just experienced a round of mass user account breaches and has sent a reset notification to 250,000 users. One positive thing to note is that Twitter has indicated that the attack was not due to user negligence, but the attackers were able to access limited user information such as usernames, email addresses, and session tokens. Since Twitter took it upon itself to invalidate the passwords of these accounts, users should also reset the password on any other site that uses the same password. Then, of course, never use the same password across websites again; this situation illustrates why doing so is so dangerous.

This isn’t by any means Twitter’s first time dealing with a massive-scale breach, and similar situations have beset other top-tier websites. A Yahoo! breach last year compromised 450,000 credentials and over 20 email domains. Not long before the Yahoo! breach, LinkedIn was the victim of massive account hacking. That is considerably alarming given how much professional information is contained on LinkedIn and the air of legitimacy that the site evokes. It should be assumed that until internet users are in the habit of applying a one username, one password policy to their online activities, when one major site is compromised, all major sites are compromised.

Contact us to learn about all password and web security best-practices and help make things a lot more difficult for hackers.