-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 1/16/2012 09:22 PM, Dale wrote:
> Howdy,
>
> It was on the news that some company got hacked into that was
> related to Amazon. They said Amazon users should change their
> password just as a precaution. I have a question tho. I use some
> pretty good passwords for the things that matter, sites such as my
> bank, credit card, ebay, paypal, newegg and others that may store
> things such as my credit card numbers. Here is an example but not a
> close match to a typical password:
>
> <snip>
>
> My question. If I have a really good password and someone gets
> hacked, should I change the password if the passwords are still
> safe? In other words, they got some data such as email addys but the
> passwords and credit cards are still secure. Should a person change
> it anyway?
>
> One reason I ask this. I remember my passwords well. If I go to
> changing them every time someone gets hacked, I'll never be able to
> keep up with them again. I use Lastpass to remember them but it
> could stop working because of an upgrade or something. Then again, I
> could use its autogenerate thing and just HOPE for the best on
> upgrades.
>
> Thoughts? What do you guys, and our gal, do in situations like
> this?
>
> Dale

My idea on changing your passwords is that you should change your passwords every 6 months, at least since you can never know if someone has stolen the other site's user/password files (or your own). Even with password encryption/hashing, it is only a matter of time before an attacker will crack your password (even assuming a brute-force attack).

Also, when you hear that a site you do personal business with, such as your bank, shopping sites, etc. has been hacked, it is a *very* good idea to change your password for that site, and related sites - for example, if you change your password for Amazon, you probably should change it for Paypal if you ever use it to pay for your purchases.

It is a matter of protection (both the 6 month policy and the hacked site policy). It means that, even if a hacker got your username and (encrypted) password, and managed to brute force your password, it would not be able to be used to log in as you.

Oh, and I do practice a policy that most advise against - I write down my passwords for sites, until I memorize them, and keep those papers safe. I do this because, if someone were to break into my home, all thoughts of computer security would go out the window.

Chris
-----BEGIN PGP SIGNATURE-----

iEYEAREKAAYFAk8VEfEACgkQUx1jS/ORyCtIegCgjlAPcNMBTiA4fqKaFnT8bdf3
TpQAnj1hYst3EFNiIAoAHsfPG2LfXG0R
=83kF
-----END PGP SIGNATURE-----