eBay hacked, every user must change password

I just started using LastPass, which you can use on anything by just logging in and using your ‘vault’ like a handy bookmark folder.

It’s pretty cool. One of these days I have to sit down and replace all my duplicates with randomly-generated passwords…

Then I’ll just have to cross my fingers that only LastPass isn’t hacked.

perplexed that people don’t change their passwords often

Great lot of people are recommending here password managers they use. Great to see that there are people using them and having strong and unique passwords.

I use Sticky Password - http://www.stickypassword.com so if anyone is still looking for the right one, this one is worth trying out.

try using a password manager.

also, writing them down isn’t as bad as certain knee-jerk reactions suggest. writing them on a post-it note stuck to the monitor where anyone can see them is obviously bad, but bruce schneier has for years advocated writing them down on a slip of paper you keep in your wallet. writing down a password turns it from “something you know” into “something you have” - you just need to recognize the need to keep that “something you have” physically secure.

2 Likes

for one thing, encrypted <> hashed. the fact that the passwords are limited to 20 characters alone is enough to suspect they aren’t actually hashed, but the wording being reported here EBAY... You keep using that word 'ENCRYPTION' – it does not mean what you think it means • The Register makes me think they’ve rolled their own obfuscation algorithm and aren’t even sure what the difference between encryption and hashing is.

of course the non-encrypted data might well be worth even more than the passwords.

This topic was automatically closed after 5 days. New replies are no longer allowed.