Twitter warns against using the same password on multiple sites
In a new post on Twitter's Status blog, Twitter points out that a sudden surge in followers on a few select accounts was due to a large number of insecure passwords being used by regular Twitter users. What's happening is that users are re-using passwords that they've used on other sites, and some of those other sites turn out not to have been secure.
That's the thing; as soon as any of the sites you log in to gets compromised, the email address or username and password associated with it can be tried by the bad guy on various other services. Since most people re-use passwords, there's a high likelihood that they will gain access to your account. From there, who knows what kind of damage they might cause. If you're lucky, you'll notice something's amiss.
This should be a wake-up call for all users who use the exact same password, or a predictable variant, at each site they log in to. If you haven't already, right now is as good a time as any to make sure you're using unique passwords for all of your online services. You never know when one of them might get compromised.

Comments
Peter, Feb 3rd 2010 12:40PM
I shouldn't use the same password everywhere? Thank you Captain Obvious. Using different passwords for different accounts has been a good practice forever and exactly the reason why OpenID is a bad idea. Using OpenID is basically using the same password for every account. If your OpenID is ever compromised you are really screwed.
Use something like KeePass to generate strong passwords and use unique ones for every account.
Rocket Raccoon, Feb 3rd 2010 12:50PM
Holy frick. I have accounts on so many sites that there is no way I would remember the 50+ passwords/user IDs I have. There has to be a better way.
bug frawg, Feb 3rd 2010 1:21PM
I never use the same password twice. Yay me.
Lisa Munro, Feb 3rd 2010 1:49PM
@Rocket Raccoon:
There's no need to remember 50+ passwords and usernames. Use something like KeePass, RoboForm, or LastPass. All of these will remember passwords, generate good random passwords according to your specifications, and do some auto-login magic.