Exploring Linux, security, and privacy

The Long List of Password Breaches

Last updated on Feb. 26, 2014: added the massive cache reported by Hold Security

Motivation: High Rate of Password Theft

Over the past few years one cannot follow technology news without feeling that the rate of theft of account credentials, including passwords (encrypted or not), and of personally identifying information has been accelerating. I’ve written several articles on ways to mitigate the risk and make it very easy to respond when such a theft happens.

The process starts with using a password database manager like KeePassX or LastPass. (If one chooses an offline solution like KeePassX, it’s wise, and not inconvenient, to use encryption and cloud syncing to make things easier without sacrificing security.) It continues with gathering up one’s online accounts and changing their passwords to unique, random, and strong ones using the password database software.

In fact, it was today’s news that Kickstarter was hacked and account credentials were compromised that prompted me to begin this list. It took me all of a minute to lock my account back down with a new 100-character random password, and no other account was ever at risk. Therefore, my primary motivation in making this list is to provide a long list of reasons to adopt password security practices such as mine. They honestly make one’s life simpler (memorize one or two strong passwords versus memorizing and inevitably forgetting tens or hundreds of weak ones), and they make it far easier to respond to these increasingly common account credential thefts.

I’ll be doing my best to keep this list up to date, including filling in gaps by researching past incidents.

The Long List of Password Breaches