1.2 Billion Passwords and Usernames Hacked

by Cali16
14 replies
According to news reports a couple days ago, Russian hackers have stolen over a billion password and username combinations, and 500 million email addresses. http://www.nytimes.com/2014/08/06/te...ials.html?_r=0

Some security experts have recommended changing all passwords (at least those related to any financial accounts), but other experts have said to not change them, as that just gives the hackers the new info as well (at least I think that was the logic...).

So, my question is, should we change all our passwords as a precaution? My passwords are all different, really long, and a completely random mix of letters, numbers, and characters. But, if they have the info, they have the info...

(Btw, if there's already a thread on this, my apologies; I did a quick search but nothing came up...)
  • Alex Blades
    Do what I do, go here https://api.wordpress.org/secret-key/1.1/salt/ and use at least five of those strings as your password.

    It makes it nearly impossible to guess your password, but doesn't stop people from hacking the servers they are stored on.
    " I knew that if I failed, I wouldn't regret that.
    But I knew the one thing I might regret is not ever having tried. "

    ~ Jeff Bezos

    • Cali16
      Thanks, Alex, but my concern isn't about anyone ever guessing my passwords. (Btw, that's almost exactly what my passwords are like, only a bit shorter, as many sites have a character limit.)
      If you don't face your fears, the only thing you'll ever see is what's in your comfort zone. ~Anne McClain, astronaut
    • HN
      Originally Posted by Alex Blades:

      It makes it nearly impossible to guess your password, but doesn't stop people from hacking the servers they are stored on.
      The passwords are not stored on servers, at least they shouldn't be. The hash that you get after running a one-way encryption on your password is stored. That's how I operate my sites. It's impossible to decrypt the hash to get your password. They can however brute force it, but if your password consists of random numbers, letters and ASCII characters, it could take forever.

      I wonder what they have actually stolen. How many sites are out there that don't encrypt user data, esp. passwords?
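The two points made above (use a long random string as the password; the site stores only a hash and an attacker has to brute-force it) in working code. This is an added example, not HN's or Alex Blades' code: it generates a random password with the OS CSPRNG, stores it as a salted PBKDF2-HMAC-SHA256 record, verifies it in constant time, and shows why an 8-character password and a 32-character one sit on opposite sides of feasible brute force. The iteration count, record format and alphabet are assumptions for the example; bcrypt, scrypt or Argon2 are the usual production choices, PBKDF2 is used here only because it ships in the standard library.

```python
"""Added example (not HN's or Alex Blades' code): storing a password as a
salted, slow hash and why a long random password survives offline brute force.
Work factor, record format and alphabet are assumptions for this example."""
import hashlib
import hmac
import math
import os
import secrets
import string
from typing import Optional

# Printable ASCII minus space: 94 symbols, the mix the posters describe.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# PBKDF2-HMAC-SHA256 iteration count; assumed here, tune to ~100 ms on your server.
ITERATIONS = 600_000


def generate_password(length: int = 32) -> str:
    """Client side: random password from the OS CSPRNG (secrets), never random.random()."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Server side: store algo$iterations$salt$digest, never the password.

    A per-user random salt means two users with the same password get different
    records, and a precomputed (rainbow) table is useless against the dump."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type: {algo}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def years_to_exhaust(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Time to try every password of this length at the given guess rate.

    This is an upper bound: real cracking starts with wordlists and previously
    leaked passwords, which is exactly why a random, non-dictionary password matters."""
    return alphabet_size ** length / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    pw = generate_password(32)
    record = hash_password(pw)
    print(pw, round(entropy_bits(32), 1), record, verify_password(pw, record), sep="\n")
    # 8 random chars from 94 symbols fall in days at 1e10 guesses/s; 32 chars do not.
    print(years_to_exhaust(8, 94, 1e10), years_to_exhaust(32, 94, 1e10))
```

The verify function reads the iteration count out of the record, so the work factor can be raised later and old records re-hashed on the user's next successful login without a schema change.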
  • Dan Riffle
    Here's a concise article from CNET on the subject:

    The guide to password security (and why you should care) - CNET

    To answer your question, you should change your passwords. But we should all change our passwords frequently anyway.

    Raising a child is akin to knowing you're getting fired in 18 years and having to train your replacement without actively sabotaging them.

  • ForumGuru
    I have over 500 passwords...I may change some of them, but certainly not all!

    Cheers

    -don
    • Cali16
      Originally Posted by ForumGuru:

      I have over 500 passwords...I may change some of them, but certainly not all!
      500 - Yikes!! I made a list of the ones I thought were the most crucial. I do change those periodically, but changing them all at once - UGH! (The emoticon in your post certainly reflects how I'm feeling at the moment!!)
      • MikeAmbrosio
        Originally Posted by Cali16:

        500 - Yikes!! I made a list of the ones I thought were the most crucial. I do change those periodically, but changing them all at once - UGH! (The emoticon in your post certainly reflects how I'm feeling at the moment!!)
        I have over 500 as well, but probably 98% are from sites that require PWs just to download an ebook, membership sites I have joined over the years, etc. Important PWs - I might have 2 or 3 dozen. Much easier to manage that.

        Are you protecting your on line business? If you have a website, blog, ecommerce store you NEED to back it up regularly. Your webhost will only protect you so much. Check out Quirkel. Protect yourself.

        • Cali16
          Originally Posted by MikeAmbrosio:

          I have over 500 as well, but probably 98% are from sites that require PWs just to download an ebook, membership sites I have joined over the years etc. Important PWS - I might have 2 or 3 dozen. Much easier to manage that
          Yes, all my cumulative passwords probably total in the low to mid-hundreds, but most of those are for sites like you described and they don't have any important information. And a significant percentage are for things or sites I have no reason to ever use again.
    • Dan Riffle
      Originally Posted by ForumGuru:

      I have over 500 passwords...I may change some of them, but certainly not all!

      Cheers

      -don
      Don, with that many passwords, I'd think you'd use something like LastPass. You're more of a techie than me. Is there a reason why you would not?
      • ForumGuru
        Originally Posted by Dan Riffle:

        Don, with that many passwords, I'd think you'd use something like Last Pass. You're more of a techie than me. Is there a reason why you would not?
        Hi Dan,

        Yeah, I have been using KeePass for several years now.

        LastPass vs. KeePass | Maximum PC

        I have heard a lot of good things about LastPass (and I realize some prefer it) but I have been using the non-cloud solution for such a long time without issue that I have not felt the need to change systems.

        I do have a second "paid" well rated password manager that I received a promo copy of but I have not switched over to it since KeePass has done the job for me for such a long time.

        Cheers

        -don
  • Gasen
    I received 2 emails from Hostway about password security.

    ------------------------1st email-------------------------
    Valued Hostway Customer:

    Hostway Services, Inc. is reaching out to advise you on taking action on the recent report of 1.2 billion compromised username and password combinations, believed to be the largest ever hack of private Internet information. As the security of our customers is our top priority, we’d like to take this opportunity to remind you of some password best practices:

    It’s important to immediately change your password – not just for your Hostway account, but also for any accounts you use that involve personal or financial data. Make unique passwords for each of these sites, so that anyone gaining access to one of your accounts doesn’t easily gain access to more. The email account you use for password recovery is especially crucial to maintaining your digital security.

    A strong password has the following characteristics:
    • Eight characters or more
    • Both uppercase and lowercase letters
    • Numbers and special characters
    • No proper names or personal information
    With these tips, you'll be well on your way to a safer online existence.
    If you have any questions or concerns about this notification, please contact us. It is Hostway’s priority to keep our customers’ data secure.

    Thank you for your business!

    ------------------------------------------------------------------------------

    -------------------------------2nd email-------------------------------
    Valued Hostway Customer:

    Our prior email about password security seemed to lead to more questions than answers, so we’d like to clear several things up for our customer base. First and foremost, our earlier email was meant to be an informative article to share email best practices. We strive to enable our customers to be as secure as they possibly can. We were not saying that you had to change your Hostway password.

    Your Hostway account password is no more vulnerable than any other password you use on any other site. This email was intended as an alert for our customers that more than a billion passwords and accounts across a variety of sites were no longer secure, and that action should be taken to ensure the security of your personal and financial information.

    In accordance with this, we are advising you to change the passwords you use for any accounts that involve personal or financial data. Make unique passwords for each of these sites, so that anyone gaining access to one of your accounts doesn’t easily gain access to more. The email account you use for password recovery is especially crucial to maintaining your digital security.

    Log into your SiteControl to change any of your passwords. If you’re unsure about how to do this, please contact our support team.

    If you have any questions or concerns about this notification, please contact us. It is Hostway’s priority to keep our customers’ data secure.


    Thank you for your business!

    ------------------------------------------------------------------------
  • Patrician
    All very good tips here. Thanks everybody.

    My first line of 'defense' is that I never save/store passwords that are for financial sites such as my Bank or Paypal including in my browsers. It is a little more trouble but I feel it is safer.

    As well, any of the sites/applications where you are saving your payment details could get hacked, so again I never save the information. There have been a few times where the company saved the information without asking me and I made sure they removed it (your credit card info to make future purchases 'easier') - no thanks.

    I would never use anything that saves all your passwords in one place - to me that is just too much of a target. (like passport or whatever that one is that saves all your form input -

    I always remind our clients that passwords are not about ease of use but for security - (why you don't use real words or anything that could be 'guessed' by a computer program).

    People are lazy and in denial about the risk. With that said, the one time I was 'hacked' was walking into a store and using my Visa/ATM card at the POS machine.

    Somehow they scanned the magnetic strip and made another card (in Russia/USSR) with their name, etc., which debited my account numerous times before it was discovered. (I got all my money back.) But nobody would pursue it, from the bank to the FBI - I knew exactly the (different than usual) store it happened at, and the guy behind the counter looked like an Al Qaeda recruit. The bank would rather just have their insurance cough up the couple thousand dollars they stole.
  • RogozRazvan
    I'm using about the same password everywhere.

    However, I also have two step authentication.

    This means that unless they hack my phone too, even with the right password, they would need a six digit code sent by SMS.

    I think two step authentication is one of the best things invented since SSL.

    I'm using my phone for codes, I have a card with six one time codes for Gmail in the case I lose my phone and physical authentication for all banking information.

    So unless they:
    1. Find out my usernames.
    2. Find out / crack my password.
    3. Steal my phone.

    ... it is kind of hard to login.

    The only weak link is my laptop, as I save all my passwords by default. However, I'm using Linux and without sudo it is next to impossible to install a key-logger.

    Of course, I am secured only against my email accounts, social networks and banking but I would be more worried if someone got into my Gmail account than into my WF or some other forum account.
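The six-digit second factor described in the post above, in working code. This is an added example, not RogozRazvan's setup: it implements the authenticator-app variant (RFC 4226 HOTP and RFC 6238 TOTP), where the phone computes the code from a shared secret instead of receiving it by SMS, plus the single-use backup codes that stand in for the "card with six one-time codes". The shared secret, time step, account name and issuer are assumptions for the example; an SMS scheme differs only in that the server draws a random code and texts it, the verification and replay rules are the same.

```python
"""Added example (not RogozRazvan's setup): RFC 4226 HOTP / RFC 6238 TOTP six-digit
codes as produced by authenticator apps, and single-use backup codes.
Secret, time step, account and issuer are assumptions for this example."""
import base64
import hashlib
import hmac
import secrets
import string
import struct
import time
from typing import Optional, Set
from urllib.parse import quote


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step). This is what the phone shows."""
    if at is None:
        at = time.time()
    return hotp(secret, int(at // step), digits)


def verify_totp(secret: bytes, code: str, at: Optional[float] = None,
                step: int = 30, window: int = 1, digits: int = 6) -> bool:
    """Server check: accept the current step and `window` steps either side
    (clock drift, typing delay), comparing each candidate in constant time."""
    if at is None:
        at = time.time()
    counter = int(at // step)
    return any(hmac.compare_digest(hotp(secret, c, digits), code)
               for c in range(counter - window, counter + window + 1))


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """What the enrolment QR code encodes: an otpauth URI with the base32 secret."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}&digits=6&period=30"


def make_backup_codes(n: int = 6, length: int = 10):
    """Codes printed once for the user; the server keeps only hashes, each usable once.
    A 10-digit code has ~33 bits, so in production hash these with the same slow
    KDF as passwords; plain SHA-256 is used here to keep the example short."""
    codes = ["".join(secrets.choice(string.digits) for _ in range(length)) for _ in range(n)]
    stored = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
    return codes, stored


def redeem_backup_code(stored: Set[str], code: str) -> bool:
    """Consume a backup code; replaying the same code fails the second time."""
    h = hashlib.sha256(code.encode()).hexdigest()
    if h in stored:
        stored.discard(h)
        return True
    return False


if __name__ == "__main__":
    secret = secrets.token_bytes(20)              # enrolled once via the QR code
    print(provisioning_uri(secret, "alice@example.com", "ExampleSite"))
    code = totp(secret)                           # the phone's current code
    print(code, verify_totp(secret, code))        # True
    codes, stored = make_backup_codes()
    print(codes, redeem_backup_code(stored, codes[0]), redeem_backup_code(stored, codes[0]))
```

Note what this does and does not protect: a stolen password alone is useless without the secret or the phone, but a phishing page that relays the code within the same 30-second window, or a key-logger on the laptop where the session is already logged in, sits outside what the code proves.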
    • Cali16
      Originally Posted by RogozRazvan:

      However, I also have two step authentication.

      This means that unless they hack my phone too, even with the right password, they would need a six digit code sent by SMS.

      I think two step authentication is one of the best things invented since SSL.

      I'm using my phone for codes, I have a card with six one time codes for Gmail in the case I lose my phone and physical authentication for all banking information.
      Forgive my ignorance, but is this something you set up with each site, and then they send you a text with a code every time you log in?
