fyi

http://abcnews.go.com/US/wireStory/zappos-amazon-sued-customer-data-breach-15387817

http://xkcd.com/936/



Something to think about for everyone out there who needs to change up their passwords....

Lastpass.com

Check it out.

I didnt get an email from Zappos but I just logged into their site and got a message about the security breach and a request to change my password.

I shop with a bank acct linked check card and, luckily for me, I closed that account on Bank Transfer Day. I know I havent bought anything from Zappos since then, but I still feel like I need to change all my passwords. The problem is I can't remember which password I used on Zappos. So annoying.

At this point in the state of hackerdom, passwords really need to have four things:

1. They need to be unique to each site
2. They need to be complicated (ie long, using upper/lowerase/numbers/punctuationifallowed)
3. They need to not be made up of words/phrases
4. They need to either be memorized or securely stored.

It's time to look at password managers. A password manager generates complicated passwords and stores them for you. You access them by putting in your one, secure password into the system to decrypt the passwords.

Here is a list of some password managers:

http://gizmodo.com/5876508/account-hacked-these-password-managers-keep-your-everything-safe

Personally I like 1Password. It's easy enough to use, and it can be put on my laptop, iphone, and ipad. I don't trust cloud password managers because they might one day get hacked.

Once I started using a password manager, which asks to store passwords as you use them, I was shocked to find that I had nearly 60 passwords collected in a few months. Not all of them are super-important. But the problem is if any of those passwords is the same as another site, your problem can spread like wildfire.

Do you have to? No, you don't have to. But when you compare the minor inconvenience of creating and remembering new passwords for all the sites you use (which is how many, really?) with the major inconvenience of dealing with fraudulent charges at various websites, replacing your credit card and entering new credit card information and THEN changing and remembering new passwords for all the sites you use, it's a damn good idea.

Anonymous wrote:Just an idea for those changing their passwords. Come up with a short numerical code that you remember then ad that to the name of each site.
So if my code is 1234 my password for zappos would ne zappos1234, for amazon it would be amazon1234. This way you only have to remember one code but can have a different password for each site.

Unfortunately this is the type of password that is easy for hackers to crack. They know that people do this, and once they crack a password at one site it is really easy to tell what your password is at different sites.

Anonymous wrote:Was zappos able to pinpoint which subset of customers' data was compromized? I ask because I am a zappos customer who did not get the email. I guess I could just change my passwords out of an abundance of caution, but that would be really annoying if it isn't necessary.

Try logging in. If you can't log in, then you have to assume yours was compromised.

Unfortunately for a retailer, it is highly likely that the entire customer database is in the same data set.

Just an idea for those changing their passwords. Come up with a short numerical code that you remember then ad that to the name of each site.
So if my code is 1234 my password for zappos would ne zappos1234, for amazon it would be amazon1234. This way you only have to remember one code but can have a different password for each site.

I changed the password even though i did not receive the email, but i can't imagine changing the password for every site - I can't even remember which sites i use it for!