
Christian University Hacked, Compromised Passwords Used for Facebook

Posted by John Saddington on Aug 24, 2009

Abilene Christian University suffered a security breach the other day and it appears that the compromised usernames and passwords (especially the latter) were then used to gain access to Facebook accounts.

I think, among other things, that this should serve as a gentle reminder that it can be very dangerous to use the same password for all of your online accounts (but you probably do anyways, right?).

I remember that one of the best pieces of advice came from a co-worker a number of years back who suggested the simple strategy of adding 1-5 letters at the end of each password depending on the online service I was using. For example:

  • Base password: teehee123
  • Facebook: teehee123fb
  • Twitter: teehee123twit
  • Gmail: teehee123gmail
  • And so on…

I think this strategy is almost too easy not to use.

So, do you have 1 global password or do you play it safe?
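An added example, not part of the original post: a small audit you can run over your own account list to see, for each entry, how much of the password is shared with another account and whether the remaining tail is only an abbreviation of the service name. The sample uses the passwords from the list above plus one constructed "Bank" entry; the function names and the `min_shared` threshold are assumptions made for illustration.

```python
import os

# Passwords from the post's example list, plus one constructed unrelated entry.
SAMPLE = {
    "Facebook": "teehee123fb",
    "Twitter": "teehee123twit",
    "Gmail": "teehee123gmail",
    "Bank": "Vq7#mLp2xR9w",  # constructed random value for contrast
}

def longest_shared_prefix(pw, others):
    """Longest prefix that pw has in common with any other password."""
    return max((os.path.commonprefix([pw, o]) for o in others),
               key=len, default="")

def is_abbreviation(tail, service):
    """True if tail's letters appear in order in the service name,
    starting with its first letter (fb -> facebook, twit -> twitter)."""
    tail, name = tail.lower(), service.lower()
    if not tail or tail[0] != name[0]:
        return False
    remaining = iter(name)
    return all(ch in remaining for ch in tail)

def audit(accounts, min_shared=6):
    """Per account: the reused part, the unique tail, and whether that
    tail can be read off the service name."""
    report = {}
    for service, pw in accounts.items():
        others = [p for s, p in accounts.items() if s != service]
        shared = longest_shared_prefix(pw, others)
        flagged = len(shared) >= min_shared
        tail = pw[len(shared):] if flagged else pw
        report[service] = {
            "shared": shared if flagged else "",
            "tail": tail,
            "flagged": flagged,
            "tail_from_name": flagged and is_abbreviation(tail, service),
        }
    return report

if __name__ == "__main__":
    for service, row in audit(SAMPLE).items():
        print(service, row)
```

Entries with `flagged` and `tail_from_name` both true are the ones where a leak at one site exposes everything except a suffix that follows from the site's name.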


John Saddington

John is the Chief Editor @ The 8BIT Network and Senior Blog Junkie here at ChurchCrunch. He enjoys Triple-Tall Americanos, developing Wordpress Themes, and a few other Random Things.


21 Responses to “Christian University Hacked, Compromised Passwords Used for Facebook”

  1. I use the same at the beginning and vary at the end for different accounts, though some sites I have the same password, but many times it's for a site that I'm not even sure I am going to continue to use. I just have to create a user id/password to even access it.

  2. I use retinal scanners for password encryption, but before you get any ideas about using a spork on me. I use a set of eyeballs that I purchased on eBay. So they are color coded for levels of security.

    Ok actually I use the old Unix server admin rules. Numbers, Letters, Case changes and random characters. Which is a real pain at times on the iPhone when I install apps that require access to twitter, facebook, etc.

  3. Song lyrics, my friend. I use song lyrics. For example let's take one from Lee Greenwood, "I'm proud to be an American." I grab the first letter of each word.

    –> iptbaa

    Then I add a date or some numbers of significance

    –> 7/4/1776

    And I get a password that I remember by context, and can recreate without having to memorize each character.

    –> iptbaa741776

    peace | dewde

    • Lee who?

  4. I have a generic password I use for things that aren't particularly important (forums etc.). The passwords for my facebook, university accounts, paypal and netbanking are all different.

  5. genius strategy, thx!!

  6. alpha numeric

  7. I use Qu1nsgeni5ous#2 as my password for all my accounts.
    Is that ok?
    lol
    noooo.
    I reckon a password safe is great so long as your 'password safe' password is near perfect and does not get lost.
    But it is a single pt of failure.
    And a nuisance if you access different computers.

  8. I use unique passwords for EVERYTHING on the web.

    At work, we use RSA SecurID tokens. That saves me from having to memorize another two-dozen passwords.

  9. Michael

    I use 1Password (Mac only) to generate passwords; there are some sites I have no idea what the password is

  10. I just started to update / change all my passwords recently after the twitter / gmail hacking incident. The bad thing is that I haven't been getting much sleep lately and kept on forgetting my Google Voice password.

    Web sites need to start coming up with a better "I forgot my password" system. If it just sends an email then all your accounts are compromised once they hack your email account. "Secret questions" really aren't too secret anymore. If you are my friend on Facebook or stalk me at all you most likely can answer my mother's maiden name, favorite color or shoe size. Plus the quizzes on FB data mine the heck out of you and publicize it to your friends.

    Overall I use unique passwords for the important stuff and a formula to create passwords for random sites like the Children's Museum Science Club etc.

    • Jeff

      You have a great point that most 'forgotten email systems' email a new password, meaning if someone can crack your email password they can get access to just about every other account you may have with ease. I am guilty of using the same rather complex password for everything which I may begin changing soon so that I am a bit more protected.

  11. Thanks for giving me your passwords, I am going to hack into your sites now and make some changes.
    I change my passwords often. My biggest problem is I forget which one I am using at the time. I do have a Firefox plug-in called skipper that remembers them all for me, but that makes me pretty nervous at times. I have debated on getting rid of this fine plug-in and just using a piece of paper to remember my ever changing passwords.

  12. Steven Rossi

    Lately I’ve been using unique passwords for every site. I use 1Password, and it generates and stores them for me. Before that I used a technique that went something like this (using Gmail as an example):

    first letter of service, capitalized (G)
    number of letters in name of service (5)
    one letter after second letter in service (n)
    one letter before second letter in service (l)
    last letter in service (l)
    order in alphabet of last letter in service (12)

    For a combined result of G5nll12.

    But I prefer to just generate and save them. It saves me the effort of having to think through it.

  13. I've just started using a new password. It's "rb37… hey, wait a minute. I'm on to your trickery!

  14. I have three levels of passwords that I use, one for internet groups and forums, another one for stores and sites (like Facebook, etc) that store personal information, and another for online banking, etc…

    I have found that it seems to work pretty well, but you still need to be careful and create passwords that follow the case, numbers, and letter rules, and of course, not inadvertently give them out to phishing sites.

  15. I have a rotation of about five passwords (up from three last year). I am not sure if this is safe or not….

  16. I have been only using 1 password but I am going to take your password advice. Thanks for sharing it!

  17. Working off the main post's suggestion. You can take a password – e.g. sunlight and then add to the beginning and end of it based on the website url (like the first and last letter of the main URL). for a website like facebook

  18. I use 1Password and have used it several times to remember passwords for various accounts. It's been reliable and as often as I backup … the passwords are too.

  19. I have two basic passwords depending on the website; one for sites that access financial data, and one for everything else.