Yet Another Data Breach

[mdlbear]

It's getting so that data breaches aren't news anymore unless they're huge. The Gizmodo article calls it The Mother of All Breaches, exposing 773 million email addresses and 21 million passwords. There's a more complete post by Troy Hunt: The 773 Million Record "Collection #1" Data Breach. Hunt is the person behind the Have I Been Pwned website. That should be your next stop -- it lets you check to see which of your email addresses, usernames, and passwords have appeared in any data breach.

If your password shows up in Pwned Passwords, stop using it. Consider enabling two-factor authentication where you can, and getting a password vault. Hunt recommends 1Password. If you want open source, you can try KeePassX.

Another fine post from The Computer Curmudgeon (also at computer-curmudgeon.com).

Comments

Well ...

[ysabetwordsmith]

That's what happens when you don't let people refuse to give up their data. Currently you can either have privacy or participate in society, not both. If you participate in society, your data will be stolen and used against you. The only question is whether it will be legal or illegal datarape and how much damage it will do.

The moment something gets put into digital format, it is no longer secure.

[technoshaman]

KeePass(X) is recommended by Ed Snowden, too. I'm slowly starting to use it.

[mdlbear]

It's also the only one approved for use at Amazon. I haven't started yet but probably will fairly soon, at least for banking and similar high-impact sites

My current method is to use a text file belonging to a user with an encrypted home directory. Password lookup is (approximately)

pw () {ssh $PW_USER@localhost grep -i $* $PW_PATH}

Encrypting just that user's home directory means that it's encrypted in my backups.

I should write this up.