So many accounts, so few passwords
2010-02-11 07:08:51
Watching the Twitter stream this morning, I saw a couple notes go by from @chrisorourke:
Hmm looks like someone is hitting all of my online account password recovery tools. 17 texts in the last 10 minutes... about 3 hours ago from Seesmic Looks like they didn't manage to break into any of my accounts. Nice try, Mr. Hacker. 5 minutes ago from web DISREGARD THAT, I SUCK COCKS!!! 2 minutes ago from web GOD DAMNIT, IT WAS PHONE!!! 2 minutes ago from web
Now, I'm not sure if that last post came from Chris or the hacker, but it sounds like he got hacked (cracked?) because someone had access to at least one of his email accounts -- that is, all they were doing was asking services to send login information to the email address on file, and once they got that, they were in.
This might not have been a big problem back in the day that we only had a couple passwords for a couple places. But now we a have couple passwords for multiple email accounts, Facebook, Twitter, flickr or some other photo share and a host of services that, in turn, tie into these things.
Most people I know only have one, or maybe two, passwords, so if you get the password to one account, you're in most of the other accounts. Changing those passwords regularly is almost impossible -- I have literally dozens of social media accounts out there, and I've set up logins on various bulletin boards or other information services that I don't even remember visiting. If I used my real email address and a repetitive password on all of those, then I just handed login info to OTHER sites to whoever runs that board.
I try to be careful and use an obscure Hotmail account and provide no personal information, but it's getting harder to avoid. Ping.fm and Google both have access to a LOT of my accounts. Maybe they don't have my passwords (well, Google does), but it effectively doesn't matter -- bad boy cracker gets into a master account like one of those, and he can spam dozens of websites simultaneously.
This is, in part, the cost of Joe Everyman wanting the spotlight. Everyone wants their voice to rise above the noise, but self publishing online is hard work. People get lazy managing multiple accounts, but when a hacker/slacker/code cracker gets in and uses your accounts for a moment of mental masturbation (why else are the fake postings always about sex?), it's not just the time recovering face, it's the time it takes recovering all those accounts…