I bet you are amongst the majority of internet users who use one password for everything.
A password is only as strong as the weakest link and if you use the same password on multiple sites it is only as strong as the security on the weakest site.
And if you recently had an account at typo3.org you just found the weakest site as their site was compromised over the weekend.
It doesn't matter how strong the password is, of course it should consist of mixed case alpha-numeric characters and not be based on a dictionary word, if a site's user table is compromised, your password is compromised too.
And not just your password, many sites also store your email address, street address and/or date of birth! So if you use the same password on multiple sites, which probably means you use the same username as well, one weak site can provide a hackwer with access to all your sites and a myriad of information.
But how can a hacker find out which other sites I use?
Some obvious social engineering would show that if you had registered at a joomla extension website you would probably have also registered at other Joomla related websites. And if you used the same username then some simple google power searches will give a list of other sites as well.
OK so do I really expect everyone to use unique, and strong, passwords on every site that requires a password. Yes!!!
It's really not hard if you use the right tools. Personaly I use insert link keepass to generate and store all my passwords. They are all rediculously long and complex and despite my legendary memory for obscure facts and figures I could never hope to remember them all.
But I don't need to as keepass does it all for me. It lives on a usb key so I always have my passwords with me and just because I'm paranoid the USB key itself requires my fingerprint before it can be accessed.
If all of this sounds like a lot of hassle then it is nothing compared to the hassle, aggravation and time currently facing everyone who has ever registered for an account at insert link typo3.org
"As far as we could find out, an admin password was stolen and used to find out more passwords on typo3.org."
"We highly recommend to change your password on all websites where you use the same or a similar password."
Don't be a lazy fool today, switch to using strong unique passwords using keepass, and protect your identity for tomorrow.
