I’ve been beating the password security drum for some time now. Today’s news had an interesting bit on Gawker Media (owners of Lifehacker, Gizmodo, and several other popular sites) and how they got hacked. Most telling was Forbes’ article explaining how Gawker chief mucky-muck, Nick Denton, knew his account was hacked and didn’t immediately change his password. To add insult to injury, he used the same password for Google Docs and Twitter, letting the hacker into most of his electronic life.
The moral of this story is simple. Don’t use the same password in multiple places. Ever. The easiest way to avoid this pitfall is with 1Password, which you can get with the Mac Power Users discount here.
Another disturbing part of this story is a passage from Forbes that, if true, reflects a complete lack of concern for Gawker’s users. Forbes writes:
In the chat, Gawker’s Hamilton Nolan, after hearing that it is just Gawker users who have been compromised, remarks “oh, well. unimportant”. Gawker’s Richard Lawson wants to know if the breach is limited to “just the peasants?”
The bottom line is that you can’t rely on anyone but yourself to protect your password security, and if you are using the same password at multiple locations, you are going to get burned. Finally, for good measure, set new passwords on all the really important accounts twice a year. (I do this when the clocks change.)