How Your Password is Lost
Karl Bode writing for Motherboard: Hundreds of Thousands of People Are Using Passwords That Have Already Been Hacked, Google Says
The heart of this article is that people commonly re-use passwords for all of their sites. Please do not do this.
Site 1:
- Username: skk@skk.blue
- Password: Password123
Site 2:
- Username: skk@skk.blue
- Password: Password123
Site 3:
- Username: skk@skk.blue
- Password: Password123
If Site #1 loses control of its passwords, or someone figures out the password to just my account there, that also means that my accounts on Sites #2 and #3 have been compromised as well.
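To check your own logins for this pattern, here is an added example (not from the original post) that audits a credential export for reused passwords and reports which other accounts are exposed when one site leaks. The CSV column names, the `site1.example`-style hostnames and the sample rows are constructed assumptions, not any particular password manager's export format.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; the column names are an assumption and the
# rows mirror the three-site example above plus one unique password.
SAMPLE_EXPORT = """site,username,password
site1.example,skk@skk.blue,Password123
site2.example,skk@skk.blue,Password123
site3.example,skk@skk.blue,Password123
bank.example,skk@skk.blue,x7#Lq!92vTzr
"""


def _fingerprint(password):
    """In-memory grouping key so plaintext never appears in the results."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def find_reuse(export_text):
    """Return sorted lists of sites that share the same password."""
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        groups[_fingerprint(row["password"])].add(row["site"])
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def exposed_if_breached(export_text, breached_site):
    """Other sites whose password is known once breached_site leaks."""
    exposed = set()
    for sites in find_reuse(export_text):
        if breached_site in sites:
            exposed.update(sites)
    exposed.discard(breached_site)
    return sorted(exposed)


if __name__ == "__main__":
    for sites in find_reuse(SAMPLE_EXPORT):
        print("same password on:", ", ".join(sites))
    for site in ("site1.example", "bank.example"):
        print(f"if {site} leaks:", exposed_if_breached(SAMPLE_EXPORT, site) or "nothing else")
```

Every site the audit lists needs its own generated password; a site with a unique password, like `bank.example` here, exposes nothing else when it leaks.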
If you’re not using a password manager (I’ve used 1Password for about a decade, but I think they’re all pretty similar) - get one now. Chrome and Firefox and Safari also have some basic password management and password generation features built into them now, I believe. Please, at least use those.
Further reading on how some sites are trying to protect you in these circumstances: Krebs on Security: Forced Password Reset? Check Your Assumptions.