Monthly Archives: June 2012

Just go ahead and assume everyone knows your password

Fast on the heels of the [LinkedIn password leak](http://www.theverge.com/2012/6/6/3068652/linkedin-member-passwords-stolen), [eHarmony also announced a password disclosure](http://www.theverge.com/2012/6/6/3069455/eharmony-hacked-member-passwords-compromised). Today, [Last.fm is suggesting that users should change their passwords](http://www.theverge.com/2012/6/7/3070639/last-fm-password-leak).

Not good.

Right now, a lot of you are thinking, “Who cares if hackers have access to my Last.fm account?” I agree. What’s the worst they can do there? Scrobble some music to your timeline, leading others to believe you have poor taste? Oh the horror!

But what if you happen to use the same password for LinkedIn/eHarmony/Last.fm as you do your email? Even if you’re one of those people who have no secrets, consider that your email is the key to a large part of your life. If you forget your bank password, how do you reset it? That’s right, through your email.

You might recall your friendly neighborhood IT guy mentioning something about secure passwords, and for years you’ve gotten by with the ol’ “yeah, yeah, I’m listening” response, but things are starting to get pretty serious. These types of breaches are becoming far more common. LinkedIn aren’t a bunch of schmucks. They’ve got a good team full of smart people, but security is hard. Security is ridiculously, insanely, absurdly, strikingly (is that even a word?) hard. Even the best are going to fail sometimes.

So what can you do? You can lend these guys a hand. Having your Last.fm account compromised isn’t a very big deal if your Last.fm password is different from all your other passwords. Keeping track of a unique password for every website you use sucks. I know that, you know that, and even the security guys know that, but it sucks less than having someone initiate a bank transfer for your entire life savings to an offshore bank that refuses to cooperate with the FBI. Let’s not find out what that’s like, eh?

In the meantime, get yourself some tools to help you out. I like [1Password](https://agilebits.com/onepassword). It works on PCs, Macs, iPhones, iPod Touches, iPads, and Android phones…. I’ve been using it for a couple of years now, and I’m not sweating any of these disclosures.

EDIT: Another friend of mine recommends [LastPass](http://lastpass.com/). I’ve been happy with 1Password, so I don’t have any reason to stray, but if you’re not feeling 1Password for any reason, LastPass is probably worth a shot.