Q: All of my passwords were compromised in the Gawker security breach this weekend. How can I prevent this from happening again?
A: Over the weekend, Gawker Media experienced a severe network breach in which up to 2.5 million usernames and passwords were stolen and published on the web. According to a round-up of responses to the attack compiled by the Atlantic Wire, this could be the "most damaging cyber security breach of a media company to date." Gina Trapani at Smarterware dubbed it "the night everyone changed their passwords." For readers and non-readers of Gawker alike, the incident should serve as a reminder that, at a minimum, you should be using different passwords for different websites. But that's a whole lot to remember. There are solutions for that.
I've written before about 1Password, a tool that will create strong passwords and then remember them for you. And, in response to the Gawker breach, Lifehacker has put together a guide to using LastPass, a browser extension and "free password manager that securely stores, generates, and audits your passwords," according to Kevin Purdy. And there's a third option to consider: KeePass.
A free, open-source password manager, KeePass stores all of your passwords in one database that can be locked with a single master password. "The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish)," KeePass' website trumpets. For ease of use, the KeePass database can be subdivided into manageable groups and subgroups with identifying icons for each. It can also be exported in .txt, HTML, .xml or .csv formats and imported into another program.
1Password will cost you an annual subscription fee, but KeePass and LastPass are both free options. Choose one now and secure your online identity -- especially if you are (or have ever been) a member of the Gawker Media community.