Saturday, July 14, 2012

Knowing how users think, other sites proactively force users to change their passwords after Yahoo Voices hack

The hack of over 400,000 Yahoo Voices accounts happened days ago, but the fallout is still occurring. Knowing that many people tend to use the same password on more than one site, other sites have proactively been forcing their end users to change their own passwords.

Skinit Laptop Skins
How do we know this? We ourselves have been hit five times already by sites asking us to change our passwords. They did so because they examined the Yahoo Voices leak themselves, and discovered that our email address was among them.

Once again, knowing that most people tend to re-use the same password repeatedly, the sites (we won't detail them, but they came from a wide variety of genres) sent us emails telling us that our account logins had been deactivated, and that we would need to use the "forgot password" method to create a new password.

This is actually a good move on the part of websites. As far as we know, this is the first time this sort of proactive behavior has been executed.

On the other hand, we do not use the same password everywhere. Instead, we use a password program (LastPass) to both generate strong passwords (including special characters such as % and #) and track them for us.

LastPass even includes a browser plug-in so that when we visit sites, we can autofill the password fields or autologin to them.

What's even better is that the program is free for desktop use. If you want to use the product on your mobile device, it's $1 per month, a reasonable fee.

Discount: Panda Campaign
There are, of course, many other free and paid programs that do the same thing.

So, look all you websites out there: we appreciate your concern, but we don't use the same password everywhere. On the other hand, there are plenty of people who do (such as our hairdresser, who admitted that today), so we're glad you are doing this (though annoyed you are including us).

In the wake of the Yahoo Voices hack, the advice is still the same: use a strong password and don't use the same one at more than one site. It's also advice that seems to continue to fall on deaf ears.

No comments: