Password Safety

[Pri]

I know that many of you will already know this but it is important to use strong passwords on the internet and to make sure your passwords are different on every website.

I'm making this topic for those of you who may not think much about this and use the same password everywhere. Recently there has been massive breaches in security at some large websites including MacRumors.com, vBullitin.com, ubuntu.com and even adobe.com

These breaches combined means there are over 160 Million Email + Password combinations from all these sites which are out there in the open for anyone to download and look you up.

The passwords on these sites are stored as a hash, this is like a code derived from your original password using a mathematical formula. But don't be fooled, this does not mean your password is safe, these hashes can be broken very quickly on modern computers, sometimes in under a second for each password.

This is why it is very important that you use a different password on every online service you use so that if one of your passwords is compromised the attacker cannot use those login credentials on any other website.

There are many tools to help you to automatically generate a new password for each site you use and then keep all those passwords on your home computer in an encrypted file (encryption so strong it would take 10's of years for computers to break it).

I personally use 1Password which is available for Windows, Mac, iOS and Android. 1Password isn't free but there are other free alternatives such as KeePass and that would be the one I'd recommend if you don't want to pay for a password manager.

Remember if you do use one of these programs to backup your encrypted passwords file as you wouldn't want a hard drive failure to lock you out of your accounts.

I know this is a pretty boring topic but it is very important you take these kinds of precautions as the amount of breaches on websites where usernames and passwords are being stolen is growing rapidly. I would go so far as to describe it as an epidemic, in only the past two months 8% of the entire internet community had their passwords stolen. (8% of 2 Billion internet users = 160 Million). So heed my advice here and protect yourself as the odds are one or more of your passwords may already be out there right now sitting right next to your Email Address for all the world to see.

[Pri]

I just wanted to update this thread to say that okcupid.com a large dating website has just had their database posted online and it contains 42 Million Emails, Usernames and Passwords. In this case the passwords were not even hashed so there is no decryption necessary.

Full story here: http://arstechnica.com/security/2013/11 ... passwords/

If each one of the logins stolen from that site were for a unique individual who uses the internet that would be 2.1% of all internet users login credentials stolen and available.