News

Disney+ "hack" shows importance of not reusing passwords

So you may have heard in the news that Disney+ was immediately "hacked" with thousands of account usernames and passwords avalable on the internet black market within hours of the service being released.

It's important to understand that it's highly unlikely that in this case Disney was actually "hacked". What is considerably more likely is that users who had signed up used account credentials identical to the ones they had used on other sites/services, which had been hacked in the past. These username/password combos were then tested against Disney+ with the hackers making the safe assumption that many people re-use the same usernames and passwords across services/sites.

This underlines the importantance of not using the same passwords on multiple services or websites. Understandably, keeping track of all these unique passwords (and perhaps usernames too) can be quite the onerous task. People have come up with all sorts of methods to make this easier. One low-tech technique I've suggested to people is to come up with a two-part password: a common part (number or words) which remains the same across all of the passwords and is easy for you to remember without writing down. Then the other half of the password is a site-specific portion, which can be another word or series of numbers. Because the unique portion is useless without the other part, it's safe to have these written down somewhere so that you don't need to remember something unique for each site/service. You only need to remember the common other part that you add to the beginning or end of each to form the password for that site.

Another solution would be to use a "password manager" which is software you install onto your computer that integrates with your web browser to handle remembering and entering your credentials for you. Popular services for this include LastPass, 1Password and Dashlane. The first two have free tiers to their service which often suffice for most people. Dashlane provides enough of a polished experience and gets such good reviews that it's also worth mentioning, despite its cost. This way, you end up with a lengthy totally-random password for each website that you never have to remember. As they say: "the best password is the one you don't know"

Regardless, the growing number of huge account credential leaks for various services and websites we keep hearing about in the news emphasize that it's important to come up with some system of not reusing passwords that works for you.

 

<< Go back to the previous page