Secure passwords, everyone is responsible
I have just been scared to death in reading this article about the recent security breach at Adobe:
The thing that is scary is that figuring out all the encrypted passwords in the file that was accidentally made public wasn’t too hard because so many people use completely unsecure passwords.
Here are the top 10 passwords in that file.
It was because those 10 passwords made up about 5% of the total and that Adobe used an encryption method that always encrypts blocks of text the same throughout an encryption that made it possible to figure out the patterns and once found, then the entire file could be unencrypted and everyone’s usernames and passwords in the entire file could be converted to plain text.
So, all those who used the same password on that site and on all the others they use just had all of the sites they log onto with that password compromised.
So those stupid passwords not only put those users at risk, but everyone else too who doesn’t use a different password on every different site. Partly those users fault and partly Adobe’s for using such an encryption protocol.
I have long preached about using a different very secure password for each site, for which I personally use LastPass (love the new version 3.0, by the way). However, I have still not gotten around to going to every website I have ever used and getting them all changed. This article made me decide to move that up my list of priorities. Please, everyone, start using LastPass or another password generator/tracker and make all your passwords secure, random, and unique for each website.
And please rest assured about the security. I won’t try to vouch for any other password programs, but LastPass is safe for the following reasons:
1.They use a proper encryption scheme that rotates through keys, so there is no repeating pattern if passwords repeat, like Adobe’s did. Also, it is 256 bit, which means even the NSA would take years to break it, if they spent all their resources on just breaking your key.
2. The key stays on your computer, and the encryption and decryption occurs on your computer. Only the encrypted data is transmitted to LastPass. Even LastPass can’t read it, without your encryption key.
I just thought it might be helpful to everyone else to see how this scary security breach happened and share the concept with everyone you know to help increase the security level for all of us.