Fewer than 500 words...
On the subject of passwords...
A very public internet figure was hacked. In the end it turned out not to be a flaw in his passwords, but actually a social hack worked against Apple, which in a way is worse than the kind of password-cracking we typically mean when we speak of hacking. The full story is here.
But reading about the episode made clear some of the weaknesses in the casual way many of us link accounts and use the same or similar passwords, as well as the basic vulnerabilities introduced by the new ways available to control our data. Following are some simple concepts to help you approach security with more awareness of those weaknesses:
1. Use unique passwords for each online service - Of course we've all heard this one before; however, when you add in Twitter, Facebook, Google, Tumblr and all the other options out there, it becomes clear that the online "you" is multi-faceted, and it's going to be easier to deal with a single account being hacked instead of all of "you" at once.
2. Passwords to be created by 3rd party utilities - There are many available schemes for creating complex or memorable passwords, but when it comes right down to it you may come up with a good one that you then use in a way that violates #1, above. Your passwords protect not only your ability to use your account but also that account's very existence; imagine your entire accumulated identity being systematically wiped out at each service. Deleting an account is simple enough, but recovering it may or may not even be possible. Your passwords should be unique, appropriately complex and handled in a way that still gives you needed access. Applications like 1Password from AgileBits Software make this tolerably easy.