It is now well established that Adobe’s security breach resulted in some 50 million accounts being exposed. Security experts have also posted a list of the top fifty passwords by use. (You can also attempt to complete crosswords based upon the 1,000 most common passwords.) The fallout is proving to be massive, and the results of the breach will likely continue to be felt for some time.
To date, some other companies (such as Facebook) have required users who may be affected to change their passwords, in order to minimize the damage and the exposure of users’ other accounts. It is still unclear how many other accounts the hackers were able to access, but the risk is high. Because people use the same password for many sites, getting access to one site’s passwords means that an attacker will be able to get access to multiple sites for that person.
If you were affected, then we recommend changing your password for any site that shared your Adobe password. However, it is important that you make a note of your password changes somewhere as well. As we have said before, if you don’t leave your passwords somewhere, then it will make it harder for people who are taking care of your affairs. Saving your passwords is actually a relatively easy task.
The first way is to simply write all of your passwords down on a piece of paper. As part of our estate planning package, we provide clients with a Document Location and Information Packet; one of the pages of this packet is a page that can be photocopied as many times as is necessary and simply lists account information (site, username, password). For some sites, such as banking sites, you should also list your security questions – if the bank does not recognize the computer or the IP address that is attempting to log in, then it will ask for this information.
Another way is to use password software. KeePass and PasswordSafe are two of the biggest ones. These programs let you keep all of your passwords on your computer (or in the cloud, depending on whether you pay for the service, or the options enabled), or on your phone, secured by a master password. The programs will also generate theoretically secure passwords, and they will run off of a flash drive.
You should be careful about where you use your passwords. If you aren’t sure that you can trust the site, then do not use a common password for it. Some security experts recommend using base passwords but modifying the end (so if your base password is “Timmy1” then for LinkedIn it might be “Timmy1In” or for e-mail it might be “Timmy1Ma”) but that system has risks as well. For an interesting perspective on better passwords, this XKCD comic is worth a read.
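As an added illustration (not part of the original post), the Python sketch below audits a list of your own saved passwords for the two patterns discussed above: the same password used on several sites, and the base-plus-suffix scheme. The sample entries, the `audit` function and the `MIN_BASE` threshold are constructed for this example.

```python
from collections import defaultdict
from itertools import combinations
from os.path import commonprefix

MIN_BASE = 5  # assumed threshold: a shared prefix this long counts as a "base"

# Constructed sample entries (site, password), following the post's "Timmy1" pattern.
SAMPLE = [
    ("adobe", "Timmy1Ad"),
    ("linkedin", "Timmy1In"),
    ("mail", "Timmy1Ma"),
    ("bank", "q7#Lw!x2Rp"),
    ("forum", "hunter22"),
    ("shop", "hunter22"),
]

def audit(entries):
    """Return (reused, shared_base) for a list of (site, password) pairs.

    reused      -- groups of sites that use exactly the same password
    shared_base -- (site_a, site_b, n) where the two passwords differ but
                   share their first n characters (base + suffix pattern)
    Only site names and lengths are returned, never the passwords.
    """
    by_password = defaultdict(list)
    for site, pw in entries:
        by_password[pw].append(site)
    reused = [sorted(sites) for sites in by_password.values() if len(sites) > 1]

    shared_base = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(entries, 2):
        if pw_a == pw_b:
            continue  # already reported as exact reuse
        n = len(commonprefix([pw_a, pw_b]))
        # Flag only when the shared part is most of the password.
        if n >= MIN_BASE and n >= 0.6 * max(len(pw_a), len(pw_b)):
            shared_base.append((site_a, site_b, n))
    return reused, shared_base

if __name__ == "__main__":
    reused, shared_base = audit(SAMPLE)
    for sites in reused:
        print("same password on:", ", ".join(sites))
    for site_a, site_b, n in shared_base:
        print(f"{site_a} and {site_b} share their first {n} characters")
```

Every pair flagged in the second list is a pair where seeing one password reveals most of the other, which is why those entries deserve the same attention as exact reuse after a breach.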