if you follow the happenings of the web closely, you’d already know everyone is up in arms about Gawker getting hacked.
password management and security are like flossing before sleep. it’s a pain, but you know you have to do it.
this is an opportune moment for me to point my fellow nerds to a new blog i recently started called K’s Coding Corner, where i dish out my learnings on programming. i recently wrote a post on how to store passwords in a web application correctly and would like to smugly and shamelessly state that Gawker should have read my post (muhaha).
i mean seriously, this is Gawker! the same people who run Lifehacker, not to mention sites like Gizmodo. they should know better than to have such a half-assed method of storing passwords.
for the normal ones who want to know why this post is on my personal blog, here are my recommendations, ones that even Jeff Atwood misses in an otherwise clear and detailed post:
- Do NOT keep the same password for all sites
- Use a password manager like KeePass (what i used in my PC days), LastPass (what i currently use after moving to a Mac) or 1Password.
- Keep one super strong master password for the above-mentioned services and let them worry about your passwords
i cannot possibly stress these points enough. a post on Quora (slamming the use of OpenID, a different topic though) suggests otherwise, i.e. using the same username/password for multiple sites. this is simply bollocks. when you have such awesome password management services like LastPass, which are absolutely free, you shouldn’t do such crazy things, and the Gawker password incident is a perfect example of why you shouldn’t.
so, gentlings, learnings for the day:
- DO NOT use the same username/password for all sites
- Use LastPass (or KeePass or 1Password) instead to manage them for you
- if you’re into programming/coding read my other blog – K’s Coding Corner
Peace.