On Wed, 06 Jun 2012 20:38:01 -0400, unix_fan <[email protected]> wrote:

So, no one has said boo about the LinkedIn breach? 

The bell curve predicts that our community will have people with breached passwords on that site, and some percentage of those people reuse those same passwords elsewhere. If not true for you, it is likely true for the user community you serve.

What I have passed on to our communications folks about getting a message out:

[...]
2.  Go change every other website login that uses that same password. Now. Even if you use a different username with that password.
If you can't remember all of those, at least do all the ones you do remember. If you sometimes tell your browser to remember your credentials for login, look at the browser's stored values now (insert appropriate example for IE, Firefox, Chrome). Go change all of them, and make them unique.

What is frequently missed during these internal discussions is that practically every website out there uses an email address as the recovery channel for forgotten account/password. So it isn't just 'same account name' that you have to worry about, it's 'same recovery email address', which is highly likely to be uniform or a very, very small list. 

Because of this, I remind people that the login information for their primary email accounts should be treated with bank-like security. Events like these are good reminders of that.


--
Law of Probable Dispersal:
Whatever it is that hits the fan will not be evenly distributed.
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/
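As an added illustration of step 2 above (not part of unix_fan's message or anything from the LOPSA list), the following Python script runs the "find every login that shares this password" check over a browser's exported saved-password list. It groups entries by password alone, not by username plus password, because the point in the message is that the same password under a different username is still reuse. The column names follow the header Firefox writes when you export logins (an assumption; other browsers use different headers, so adjust the three FIELD constants to match the first line of your own export), and the sample rows are constructed for the example. Passwords are never printed; each group is identified by a short SHA-256 fingerprint.

```python
import csv
import hashlib
import io
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample export. The header mirrors the one Firefox writes for
# "Export Logins..." (an assumption: compare it with the first line of your
# own export and change the FIELD names below if they differ).
SAMPLE_EXPORT = """\
url,username,password,httpRealm,formActionOrigin,guid,timeCreated,timeLastUsed,timePasswordChanged
https://www.linkedin.com/,alice@example.org,Summer2012!,,https://www.linkedin.com,{g1},1,1,1
https://mail.example.org/,alice,Summer2012!,,https://mail.example.org,{g2},1,1,1
https://shop.example.net/login,alice_shops,Summer2012!,,https://shop.example.net,{g3},1,1,1
https://shop.example.net/checkout,alice_shops,Summer2012!,,https://shop.example.net,{g4},1,1,1
https://bank.example.com/,alice@example.org,tK8#v2Lq!p0ZrW,,https://bank.example.com,{g5},1,1,1
https://forum.example.com/,alice,correct horse battery staple,,https://forum.example.com,{g6},1,1,1
"""

# Column names in the export; adjust for your browser.
URL_FIELD, USER_FIELD, PASS_FIELD = "url", "username", "password"


def site_of(url: str) -> str:
    """Reduce a stored login URL to its host so that two saved entries for
    the same site (different paths or form actions) count as one site."""
    host = urlparse(url).hostname or url
    return host.lower()


def fingerprint(password: str) -> str:
    """Short SHA-256 prefix so the report can name a password group
    without ever showing the password itself."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def find_reused_passwords(csv_text: str) -> dict[str, list[tuple[str, str]]]:
    """Group exported logins by password only (not username+password).

    Returns {fingerprint: sorted [(site, username), ...]} for every password
    that is stored for two or more distinct sites.
    """
    by_password: dict[str, set[tuple[str, str]]] = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        pw = row.get(PASS_FIELD, "")
        if not pw:
            continue
        by_password[pw].add((site_of(row[URL_FIELD]), row.get(USER_FIELD, "")))

    reused: dict[str, list[tuple[str, str]]] = {}
    for pw, logins in by_password.items():
        sites = {site for site, _ in logins}
        if len(sites) >= 2:
            reused[fingerprint(pw)] = sorted(logins)
    return reused


def report(csv_text: str) -> list[str]:
    """One header line per reused password, then one line per site to change."""
    lines: list[str] = []
    for fp, logins in sorted(find_reused_passwords(csv_text).items()):
        site_count = len({site for site, _ in logins})
        lines.append(f"password {fp}... is saved for {site_count} sites; change all of them:")
        for site, user in logins:
            lines.append(f"    {site}  (username: {user})")
    return lines


if __name__ == "__main__":
    # Replace SAMPLE_EXPORT with the contents of your own export file.
    print("\n".join(report(SAMPLE_EXPORT)) or "no reused passwords found")
```

On the constructed data the script reports one group: the password shared by www.linkedin.com, mail.example.org and shop.example.net (the two shop.example.net rows collapse into one site), while the bank and forum entries, which have unique passwords, are not listed. Delete the export file once you have worked through the list; it is plaintext.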
