There has been a series of interesting articles on Ars Technica over the last few years. The latest one was one I thought worth sharing on here.
http://arstechnica.com/security/201...eling-the-next-frontier-of-password-cracking/
The previous one just over a year ago was the one that made me move to totally random passwords generated by LastPass.
http://arstechnica.com/security/2012/08/passwords-under-assault/
Just to give you some awareness of why I now use a different and random password on each site I go to.
I run a small hosting company and periodically through the year a couple of my clients' accounts get exploited. Due to my security setup, all the problems I have seen over the last 2 years have been because clients have reused passwords which have been on sites that have been hacked, or they have used really weak, easily guessed passwords. For example, one client had his email account used in an attempt to send off 1 million pharmacy spam emails. I actually had a long chat with this client and he finally clicked that 3 months prior he had been notified that a forum he had been a member of was hacked. He used the same password for all his internet accounts and the same email address.
I recommended that, as he has his own domain, he add an email alias for each account he wants to keep and set up a new password for each one...
For instance
amazon123@mydomain.com
ebay492@mydomain.com
I have set the domain to mydomain.com to protect his identity.
The three digit numbers are there to prevent a hacker from guessing what his other email addresses for logins are based on the domain he is accessing.
Using a different email address and a unique password for each account means that if another site or forum is hacked the hackers will not automatically have access to the login credentials to any other site.
The other advantage of using multiple email addresses is that if he receives a spam email he can tell who gave his email address away. If he wants to continue to be a member of that site he can set up a new email address, changing companyname123@ to companyname324@, and he only needs to update this on one website rather than 10s or 100s.
Anyway, if, like the vast majority of people, you don't have your own domain, then I would strongly recommend using something like LastPass and going through all your accounts, especially the important ones, and changing the password to something generated by LastPass.
After all, if "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1" is an easily crackable password that is in the crackers' dictionary, guess how easy "myRa4d0mPa55wd" is?
Sorry to have rattled on....
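
The alias-per-site scheme described in the post, as an added example (not the poster's own tooling): a random three-digit suffix and a unique random password per site, rotation to a fresh alias, and mapping a spam recipient address back to the site it was given to. The `vault` dict, the function names, the 24-character length and the symbol set are assumptions; in practice the records would live in a password manager.

```python
import secrets
import string

DOMAIN = "mydomain.com"  # placeholder domain, as used in the post
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?^_"  # assumed symbol set

def new_alias(site, taken=()):
    """Return <site><3 random digits>@DOMAIN, skipping aliases already used."""
    label = "".join(c for c in site.lower() if c.isalnum())
    if not label:
        raise ValueError("site name has no usable characters")
    while True:
        # secrets (OS CSPRNG) so the suffix cannot be predicted from the site name
        alias = f"{label}{secrets.randbelow(1000):03d}@{DOMAIN}"
        if alias not in taken:
            return alias

def new_password(length=24):
    """Random password from the CSPRNG: no words, no leetspeak patterns."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def enroll(vault, site):
    """Create a unique alias and password for one site and record them."""
    if site in vault:
        raise KeyError(f"{site} already enrolled; use rotate()")
    used = {e["alias"] for e in vault.values()}
    vault[site] = {"alias": new_alias(site, used),
                   "password": new_password(), "retired": []}
    return vault[site]

def rotate(vault, site):
    """After a breach or spam: retire the old alias, issue a new alias and password."""
    entry = vault[site]
    entry["retired"].append(entry["alias"])
    entry["alias"] = new_alias(site, set(entry["retired"]))
    entry["password"] = new_password()
    return entry

def leaked_by(vault, recipient):
    """Map the address a spam mail was sent to back to the site that held it."""
    recipient = recipient.strip().lower()
    for site, entry in vault.items():
        if recipient == entry["alias"] or recipient in entry["retired"]:
            return site
    return None

if __name__ == "__main__":
    vault = {}  # in-memory stand-in for a password manager (assumption)
    for s in ("amazon", "ebay"):
        print(s, enroll(vault, s)["alias"])
```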