Karl Bode writing for Motherboard: Hundreds of Thousands of People Are Using Passwords That Have Already Been Hacked, Google Says

The heart of this article is that people commonly re-use passwords for all of their sites. Please do not do this.

Site 1:

  • Username: skk@skk.blue
  • Password: Password123

Site 2:

  • Username: skk@skk.blue
  • Password: Password123

Site 3:

  • Username: skk@skk.blue
  • Password: Password123

If Site #1 loses control of its passwords, or someone figures out their password to just my account, that also means that my accounts on Sites #2 and #3 have been compromised as well.

If you’re not using a password manager (I’ve used 1Password for about a decade, but I think they’re all pretty similar) - get one now. Chrome and Firefox and Safari also have some basic password management and password generation features built into them now, I believe. Please, at least use those.

Further reading on how some sites are trying to protect you in these circumstances: Krebs on Security: Forced Password Reset? Check Your Assumptions.