Thanks to questionable security practices at Gawker Media (publishing parent of many high-profile websites including Gizmodo and Lifehacker), a number of people are busy scrambling to change their passwords on a lot of different sites today. Gawker stored encrypted passwords on its servers instead of password hashes (and stored those passwords using the deprecated DES standard), so as a result of some weekend hacking, a lot of email addresses and passwords were stolen.
Gawker Media is asking anyone who uses its comment system to change their password immediately, and if they used the same email address and password on other websites, they should change those passwords as well. If you have used any of the Gawker sites in the past, you can use Slate’s Gawker Hack widget to determine if your email address and password was part of the group that was compromised. Some other sites like LinkedIn are proactively disabling the accounts of users who were included in the data dump, requiring them to reset their passwords before they can get back in.
Common sense dictates that for the best security, every website account should have a separate password; you should never use a dictionary word, birthday or family name as your password; strong passwords always need a mix of capitals and lowercase letters, numbers and (if acceptable to the service you’re logging into) punctuation/non-alphanumerics. (The number of people who used ‘password’ or ‘123456’ as their comment login in the Gawker system is truly shocking.)
However, our puny human brains don’t work well with strong passwords; we just can’t remember a lot of passwords that are random gibberish, and even using mnemonics and other tricks for password generation can fill up the ol’ brain pretty quickly. There are some ways to generate strong passwords that are associated with just one website — and keep them recorded securely on your Mac or in the cloud — so click that Read More link to see how.
Continue reading Mac 101: Securing your passwords after the Gawker breach
Mac 101: Securing your passwords after the Gawker breach originally appeared on TUAW on Tue, 14 Dec 2010 12:15:00 EST. Please see our terms for use of feeds.
Source | Permalink | Email this | Comments