There have been a number of high-profile web sites that have had user login details stolen: LinkedIn being one, Blizzard and Gamigo being others.
The technical press have rightly moaned about the pitiful way that LinkedIn stored the passwords, but there has been little information about how the cracks actually happened.
Once a site has been cracked and the passwords obtained, it is only a matter of time before your clear-text password is recovered from the encrypted version.
There are some steps you can take:
- Make sure you don't reuse passwords
- Make your password long and complicated
If your password is long enough they may just give up on your password and go on to the next one!
These steps can be made simpler to implement if you use a Password Crypt that provides tools to help you.
However, I would like to know how these sites were cracked. Unless the weaknesses or vulnerabilities are disclosed, how do we know that they have been fixed, and how do we avoid falling into the same trap when developing other sites?
So come on guys - you tech reporters - let's have some facts.
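As an added example (not the author's code, and not a description of how any of the sites named above actually stored passwords), here is the storage pattern that makes a stolen password file cheap to crack, next to the salted, slow-KDF form a new site should use to avoid the same trap. The iteration count, salt length and record layout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; a real deployment should follow
# current guidance for its chosen KDF (algorithm, iterations, salt length).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def weak_store(password: str) -> str:
    """The weak pattern: one fast, unsalted hash per password.
    Identical passwords give identical digests, so a single cracked digest
    (or a precomputed table) unlocks every user who chose that password,
    and a fast hash lets an attacker test guesses at enormous rates."""
    return hashlib.sha1(password.encode()).hexdigest()


def store_password(password: str, salt: bytes = b"") -> str:
    """Hardened form: a random per-user salt plus a deliberately slow KDF.
    Returns a self-describing record: algorithm$iterations$salt$digest (hex),
    so the parameters can be raised later without breaking old records."""
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute from the stored parameters and compare in constant time.
    Malformed or unknown records are rejected rather than raising."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, digest_hex = parts
    try:
        digest = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
    except ValueError:
        return False
    return hmac.compare_digest(digest.hex(), digest_hex)


def same_password_collides(password: str, store) -> bool:
    """Check: does storing the same password twice yield the same record?
    True exposes shared passwords across users; False is what you want."""
    return store(password) == store(password)
```

With the salted form, two users who pick the same password get different records, and each guess against the file costs the attacker a full KDF run per user rather than one fast hash.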