Life atop a password bubble

June 29, 2011 · 4 comments

I really believe that decisions about security are about

  1. accepting that there are no risk-free options,
  2. maximizing value and practicality given the level of risk you’re willing to accept, and especially
  3. eliminating needless risk.

When it comes to passwords, there’s a lot of needless risk-taking out there.

Troy Hunt:

Sony’s breach is Sony’s fault, no doubt, but a whole bunch of people have made the situation far worse than it needs to be through [password] reuse.

Troy found that 92 percent of passwords were identical between two separate Sony systems. Perhaps even worse, two thirds of people who had accounts at both Sony and Gawker used the same password.

Given that 90 percent of companies (90!) have had some sort of security breach in the last 12 months, I’d say there is little “risk” left when it comes to wondering whether your passwords will be exposed. It’s nearly certain they will be at some point.

But you can at least “sandbox” the damage by using a different password for each account.
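To make the reuse figures above concrete, here is an added example that is not part of the original post and not Troy Hunt's own analysis. It measures how many accounts shared between two breached sites used the same password, and so how many accounts on the second site fall the moment the first is breached. The two dumps are constructed, made-up data; the example assumes site A leaked plaintext passwords and site B leaked unsalted SHA-1 hashes, which is enough to check for reuse without cracking anything.

```python
import hashlib
from typing import Dict, Iterable, List, Tuple

# Constructed sample dumps, not real data. Site A leaked plaintext passwords.
SITE_A_PLAINTEXT = [
    ("alice@example.com", "Summer2011!"),
    ("Bob@Example.com", "hunter2"),          # same person as bob@example.com on site B
    ("carol@example.com", "correct horse"),
    ("dave@example.com", "dave1234"),
    ("erin@example.com", "unique-to-site-a"),
]


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1, the (weak) scheme assumed for site B's dump."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Site B leaked only unsalted hashes. No cracking needed: hashing site A's
# plaintext with the same scheme is enough to test for reuse.
SITE_B_SHA1 = [
    ("alice@example.com", sha1_hex("Summer2011!")),     # reused
    ("bob@example.com", sha1_hex("hunter2")),           # reused, email case differs
    ("carol@example.com", sha1_hex("different-on-b")),  # unique per site
    ("dave@example.com", sha1_hex("dave1234")),         # reused
    ("frank@example.com", sha1_hex("only-on-b")),       # no account on site A
]


def normalize(email: str) -> str:
    """Join on a normalized address so Bob@Example.com matches bob@example.com."""
    return email.strip().lower()


def index_dump(rows: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map normalized email -> credential; a later duplicate row wins."""
    return {normalize(email): secret for email, secret in rows}


def compromised_on_b(plaintext_dump: Iterable[Tuple[str, str]],
                     hashed_dump: Iterable[Tuple[str, str]]) -> List[str]:
    """Accounts on site B that open with the password leaked from site A."""
    a = index_dump(plaintext_dump)
    b = index_dump(hashed_dump)
    shared = set(a) & set(b)
    return sorted(email for email in shared if sha1_hex(a[email]) == b[email])


def reuse_rate(plaintext_dump: Iterable[Tuple[str, str]],
               hashed_dump: Iterable[Tuple[str, str]]) -> Tuple[int, int, float]:
    """(accounts on both sites, how many reused a password, reuse fraction)."""
    a = index_dump(plaintext_dump)
    b = index_dump(hashed_dump)
    shared = len(set(a) & set(b))
    reused = len(compromised_on_b(plaintext_dump, hashed_dump))
    return shared, reused, (reused / shared if shared else 0.0)


if __name__ == "__main__":
    shared, reused, rate = reuse_rate(SITE_A_PLAINTEXT, SITE_B_SHA1)
    print(f"{shared} accounts on both sites, {reused} reused a password ({rate:.0%})")
    print("site B accounts lost because of site A:", compromised_on_b(SITE_A_PLAINTEXT, SITE_B_SHA1))
```

Carol's accounts illustrate the sandboxing point: her site A password is in the attacker's hands, but because it is unique to site A her site B account survives. Everyone else who shared an account on both sites is lost on both.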

I would have more sympathy for you if maintaining lots of unmemorable, unique passwords were hard. But it’s not. 1Password makes it really easy.

Until companies figure out how to better operate in the password-dependent world we’ve created, it’s up to you to protect yourself.

Bart June 29, 2011 at 11:45 am

1Password is the answer to life’s toughest problem (nowadays).

As we already knew.

Matthias June 30, 2011 at 2:49 am

For support of Firefox 5 you need 1Password 3.6, which does not support OS X 10.5 any more. Not everyone is always running for the bleeding edge, and 10.5 is not really old. Keep in mind, 10.7 is not available yet. I have used 1Password for many years and I like it a lot. But such a central tool as a password store should be longer lasting.

Jeffrey Goldberg July 2, 2011 at 1:09 am

Matthias, take a look at 1Password version 3.5.10 for Leopard. It now supports Firefox 5.

Do keep in mind that 1Password needs to integrate tightly with many components of a rapidly changing software environment. We couldn’t really support both Lion and Leopard in the same product, but 1Password 3.5 will always remain available for Leopard users (just as 1Password 2.12 remains available for Tiger users).

I’ve been harping on about the problem of password reuse for a long time on the AgileBits blog. It’s nice to see someone else doing so. We should assume that a large number of breaches (possibly a majority) go undetected and that of those detected, many will go unreported. So unique passwords for each site really is essential.

Cheers,

-j
