In November of 2012, Wired Magazine wrote a cover story titled, “Kill the Password,” in which Mat Honan retold how hackers stole his identity and hijacked his social media accounts. After some research, Honan shared just how easy it is for hackers to steal passwords, often with some fairly low-tech methods.
Fast forward to October 9, 2013, when Adobe Systems emailed its users that hackers had stolen encrypted user passwords. However, the fact that Adobe was hacked wasn’t the problem. The email was sent to call attention to the real problem: “We recommend that you also change your password on any website where you use the same user ID or password.”
Yikes! How many web-based accounts do I have that use the same user name? In January of 2012, I began documenting all the web-based accounts I use. 66 of 167 web accounts use the same user name. 40 use another. How many use the same password? Coincidentally, 66 use the same password.
Despite how obviously vulnerable I am, I might have been complacent enough to ignore my own security negligence had two more Internet companies not emailed me about Adobe’s password breach. On November 16, Eventbrite emailed me to recommend that I change my password on their site because of the security breach at Adobe. Four days later, Evernote emailed me to recommend the same, again in reference to Adobe’s breach.
It’s time to pay attention to these warnings. Passwords are an incredibly insecure way to protect data. But since they are the current method, it’s time to change how we manage passwords until we no longer need to rely on them. I now have the tedious chore of changing all 167 of my web-based account passwords. And it took about an hour just to change eight. When done, I’ll have a few words about that process.