Big Scary Password Breach

posted Aug 6, 2014, 6:33 AM by Craig Cox   [ updated Aug 8, 2014, 7:05 AM ]
Today's News Journal / USA Today has an article about a Russian crime ring compromising 1.2 billion username and password combinations across 420,000 websites.  The article is long on scare and short on specifics, with the only advice offered being to change all your passwords.

The InfoSec community isn't yet panicking, however.  Hold Security may have exposed a bigger group of compromises than usual, but hackers have always been chipping away at websites and stealing information.  This is not so much a jump in the number of compromises that took place as a jump in the number discovered.  The ISC commentary on this report seems to be a typical response.

The same advice that has been floating around still applies.  Last October's Ouch newsletter covered password manager programs.  These programs offer you the ability to keep a very strong, and unique, password for each and every web site you visit.  The only password you have to remember is the one that lets you into the password manager program.

Update 8/8:  Security expert Bruce Schneier is skeptical about the bona fides of the company that originally reported the breach.  Second update:  Brian Krebs vouches for Holden.  The story is unfolding oddly, but that doesn't change the advice about password management.

One of the presentations I offer, free to Delaware Tech students, staff and faculty, is on the subject of strong passwords.  Because of trends in password cracking, I am expanding the section on password management software.  Please contact me if you would like to set up a presentation for your group.