This was a bad year for those depending solely on passwords. After the big Hotmail password breach of 2009, one might have hoped major online sites would have taken additional steps to address authentication security, but 2010 started out with the massive breach of Google, including its password system (codenamed Gaia). Do you use a different password for Google than for each of your other accounts, online or otherwise? I sure hope so!
In April, attacks on the Jira system, in combination with some bad programming practices, led to a password breach at Apache.org, home of the most popular web server platform and many other projects.
Most recently, passwords were breached for users of sites such as Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku and Deadspin. Of course, since people used the same passwords on those sites as on others, the breach damage quickly spread to Yahoo!, World of Warcraft, and LinkedIn.
There were so many other breaches that cataloging even the reported password breaches of 2010 is enough to make one queasy. I urge my industry colleagues to take proper steps to create strong passwords – unique for each use – protect them carefully, change them regularly, and ideally, implement strong authentication where you have the power to do so, in order to help mitigate some of the password risks.