Last evening, I changed my passwords on all accounts on all websites that I frequent. Just curious to know how many did the same. Hopefully someone will come up with the stats soon.
I always use different passwords on different sites. All of them are at least 10 characters long, with at least one capital letter, special character, and number in them. Curious to know what my friends do, I brought up this topic briefly. After the discussion, I realized that even those who are into IT, IS, computers etc. use simple, stupid passwords. Most of them even create documents with the id, password combinations and store them on their desktop! Guess what, their systems are not even encrypted!!! When I tell them about the seriousness of the issue, they just look at me and say, ‘I’m not dealing with that important data here’ or ‘nerd’ or something similar.
Somehow it reminds me of a used 512GB hard-disk I bought off a street-side shop in Bangalore. I found photos, videos (some were you-know-what) and some documents. One of the spreadsheets had a bunch of URLs, id, password combinations for sites ranging from social networking sites to financial websites. I never even tried any of them. I wasn’t interested in any of them; the stuff on the hard-disk itself was enough entertainment! I never shared or distributed anything off that hard-disk. I formatted it and installed Ubuntu on it! I know that the data wouldn’t have been erased during the formatting, but I’m quite sure that it would have been overwritten by now due to the usage.
Anyway, I had changed all my passwords around two months ago. However, I was somehow restless and wanted to change the passwords to make them more complex on those few important sites. I kept postponing it for weeks until last weekend. I was not a victim of the Gawker Media incident. I neither have an account with them, nor do I remember commenting on their sites. Nevertheless, when I got an email from them, I just stopped all work I was doing and immediately changed passwords on everything possible.
I’m happy that I learnt a lesson or two from this incident. Most important of them all, do not create accounts on each and every site that you come across. If you really want to, create a dummy email and use that with a dummy id, password. You can use this on all nonsensical websites. If somebody cracks it, you don’t have to give a damn.
Please note that no matter how strong a password you use, it all comes down to a few weak links such as the status of the machine you are using (affected with malicious content, key-loggers etc.), the website you are dealing with (https, though even https can be tricked, or plain text transmission), the way the sites store and handle your data, how important you are to them etc., but the weakest link of all is YOU!