Eugene's observations

In recent memory there have been well publicised security lapses at several big name sites (Yahoo, LinkedIn, Sony etc.) where password and other account date were stolen. Given the bad publicity this generates if the lapse gets publicly known about this must surely be the tip of the iceberg as the natural inclination would be to hide such a breach.

The problem I am addressing here is that if your password is the same on more than one site then if any site you are registered with is breached all others are vulnerable. What would be worse would be if your password was one of the top 14 most popular and therefore least secure (as gleaned from analysis of the stolen records mentioned above) as by testing your account for these first a hacker would get a good chance of rapid success. So the time to change password would be right now if it is any of password, passw0rd, 123456, 12345678, 111111, iloveyou, qwerty, dragon, pussy, letmein, abc123, baseball, football or trustno1.

The only sensible way to handle the multiple passwords we all need these days is to have unique, complex (more than 10 characters including upper case, lower case and numbers) passwords on each occasion. And for all but Sheldon Cooper that means using a program to generate and remember those passwords for you. This does not have to cost you even. Popular possibilities include:

• 1Password
• RoboForm
• LastPass
• Dashlane
• KeePass

Resources:  Howtogeek and Lifehacker