by bluetidepro 5112 days ago
This is ridiculous. In the email I received from Envato it says the following:

"-- What To Do

(1) Update passwords on ANY service you use that uses the same password as you had on Tuts+ Premium.

(2) In particular you should consider your own email account, PayPal, Moneybookers, and other payment services. These are the most sensitive targets, and if you had the same password, you should consider this an urgent priority. If you can’t remember what your Tuts+ Premium password was, we encourage you to change passwords on all services you use.

(3) If you use the same password on any other Envato service such as the Envato Marketplaces, you should change your password there too."

You have to be kidding me? Do I really need to start using unique passwords on every site that I use? This just blows me away that one site messes up and then I have to spend hours of my time figuring out which passwords to change, update, etc. This just frustrates me so much. I'm also very surprised they put this in the blog post:

"As a company that teaches and preaches best practices, it’s deeply disappointing to me to not only have been the victim of a security attack, but to be running software that doesn’t follow those same best practices. This is a situation we will be working to address."

...Based on what has happened to LinkedIn and others, aren't they easily setting themselves up for a lawsuit by blatantly saying they did not follow best practices?

Ugh. I'm just very sick of this crap happening. /rant

4 comments

>You have to be kidding me? Do I really need to start using unique passwords on every site that I use?

Errr, ...yes!

For this reason, Facebook Connect/Twitter login are becoming popular. 1Password, LastPass, KeePass, etc. are not that popular among casual users.

I already do to an extent, but come on, you can't tell me you use a completely unique password for EACH of the HUNDREDS of sites that use passwords? That just seems ridiculous, or maybe it's just me...
Get LastPass (it's free and totally safe since it's client-side encrypted), but if you don't want that you can just use SuperGenPass.

http://lastpass.com/
http://supergenpass.com/

There are quite a few ways to automate that. LastPass, KeePass, KeePassX, 1Password, ...

1Password (https://agilebits.com/onepassword) is your friend.

I do just that.

Between work and personal, roughly 130 password/account pairs.

I may be missing a few. I also don't believe in gratuitously creating accounts simply to make use of some site (information has value, including and often particularly, identifying information). I'll make use of BugMeNot and/or create throwaway accounts using Mailinator for one-offs.

Pay for Lastpass. They're fucking awesome.

Wish they'd add a system for private/public key storage though.

Salt the password with characters from the url. Maybe your password is P4ssw0rd, so your HN password is Py4csosw0rd. I've been using this scheme for years, works great!
In my opinion, using unique passwords on every site you use is perhaps the key to keeping yourself safe.

Facts:
1) Most people have way too many accounts to keep track of passwords for.
2) A unique password is essential.

So, get a password manager and store them there! It's almost the only secure solution.

If you have Firefox, use the Password Reuse Visualizer. https://addons.mozilla.org/en-US/firefox/addon/password-reus... Then realize that if any of these sites get hacked, the attacker now has access to all the sites connected to it (using the same password).

I use SuperGenPass (EnigmaPass for Chrome). I don't have to store passwords, I just have to remember the master one.
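The two ideas in the last comments, spotting password reuse across sites and deriving a distinct per-site password from one master secret, as an added example that is not code from the thread, from SuperGenPass, or from the Password Reuse Visualizer. The credential list is constructed, and the derivation (PBKDF2-HMAC-SHA256 keyed by master, salted with the host name) is an illustrative scheme rather than SuperGenPass's actual algorithm.

```python
import base64
import hashlib
from collections import defaultdict

# Illustrative per-site derivation (assumed scheme, not SuperGenPass's).
# The host name is the salt, so no two sites ever get the same password,
# and PBKDF2 is one-way, so a password leaked by one breached site
# reveals nothing about the master or about any other site's password.
def derive_site_password(master: str, host: str, length: int = 20,
                         iterations: int = 200_000) -> str:
    host = host.strip().lower()  # "Example.com" and "example.com" agree
    key = hashlib.pbkdf2_hmac(
        "sha256",
        master.encode("utf-8"),
        ("site-password:" + host).encode("utf-8"),  # domain-separated salt
        iterations,
    )
    # url-safe base64 gives printable output; trim to the site's limit.
    return base64.urlsafe_b64encode(key).decode("ascii").rstrip("=")[:length]


def find_reused_passwords(credentials):
    """Group hosts that share a password (what the visualizer shows).

    credentials: iterable of (host, password). Returns a sorted list of
    sorted host lists, one per password used on more than one site.
    """
    hosts_by_password = defaultdict(list)
    for host, password in credentials:
        hosts_by_password[password].append(host)
    return sorted(sorted(hosts) for hosts in hosts_by_password.values()
                  if len(hosts) > 1)


# Constructed sample: the same password on three sites, a unique one on a
# fourth. One breach of any of the three exposes all of them.
SAMPLE_CREDENTIALS = [
    ("news.ycombinator.com", "P4ssw0rd"),
    ("mail.example.com", "P4ssw0rd"),
    ("pay.example.com", "P4ssw0rd"),
    ("shop.example.com", "tr0ub4dor&3"),
]

if __name__ == "__main__":
    print("reuse groups:", find_reused_passwords(SAMPLE_CREDENTIALS))
    master = "correct horse battery staple"  # constructed master secret
    derived = [(h, derive_site_password(master, h)) for h, _ in SAMPLE_CREDENTIALS]
    print("reuse after derivation:", find_reused_passwords(derived))
```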