The many high-profile hacks that have occurred recently, like the ones on Sony and Gawker (and those are the ones we know about), have made me think a lot about my online security. We all know what we need to do: use a different strong password, one that cannot be guessed using dictionary attacks, for every single account.
The stakes range from the mildly annoying (someone sending spam from your email account, which can get it deactivated) to the really annoying (damage to your reputation due to inappropriate posts made from your Facebook/Twitter/Google+/whatever account), to the really painful (money stolen from bank accounts, identity theft).
I think password reuse is especially bad: once someone gets access to one password database, they can try those passwords on many popular websites. It will work. Hackers don’t do this because “I” or “you” are terribly interesting people to hack. They do it because it’s profitable. Spam, Google Bombing, you name it. It happens all the time; just look at how many fake emails you get from friends’ email accounts. Just a few weeks ago my friend Rafa had his Skype account compromised and his SkypeOut credit used. It’s real.
OK, but is there a practical way to have different strong passwords for every service we use? I think there is, and I’ve decided to do it. Follow-up post coming.