Russian Billion-Password Hack: Just Another Teachable Moment?
Some greeted the New York Times story "Russian Hackers Amass Over a Billion Internet Passwords" with elation (“Wow – this will help sell our product!”), but seasoned security experts picked the reports apart with cynical ease:
- “My FUDs better than your FUD!” tweeted Pete Lindstrom of Spire Security
- “This story is getting squirrelier and squirrelier…single-handedly trying to create a panic, and then profiting off that panic” wrote Bruce Schneier in Schneier on Security
- “Oh those nasty hackers” tweeted Mikko Hyppönen (you can almost hear him laughing as he pasted in the figure below)
Accusations of opportunism and of spreading fear, uncertainty and doubt (FUD) aside, the main takeaway for me is another opportunity to educate folks on the need for better password and authentication hygiene. Previously on Security Architect, I’ve advocated taking some low-hanging-fruit two-factor authentication opportunities and out-of-the-box thinking on passwords.
In regard to improving your password hygiene, for me the happiest result of yesterday’s story was uncovering a treasure of an article by Bruce Schneier on Choosing Secure Passwords.