Ars Technica ran an article this week that has scared the crap out of me. The article details how these various password cracks we’ve heard about are making it easier for hackers to crack our passwords. In a nutshell, the few successes have allowed dark-hat hackers to build a database of passwords that they can use on high-speed computers.
You need to read the Ars Technical article yourself, but make sure you understand these points:
- Short passwords are not safe, no matter how clever you think you are.
- Longer passwords based on words or modified words (like “winni3th3p00h”) are not safe.
- You cannot assume that your username and password combination are not in some database already.
- You must not re-use username and password combinations. Ever.
- This is very, very serious stuff. Do you want to end up like Mat Honan and have your digital life (pictures of your kids or clients’ evidence) erased?
I will have more to say about this later. Right now, I’m going to spend some time changing passwords with the help of 1Password‘s password generator.