Last week eBay announced that some accounts were compromised, including passwords with as yet unstated encryption. Those who aren’t tech savvy hear “encryption” and think “well, then I’m ok”. Maybe yes, maybe no. The problem is that if attackers break the encryption, they will immediately try to plug that password into hundreds of sites. The odds are good that the password will be valid somewhere else, and now the impact has magnified.
We’re not going to stop breaches from happening. It will take years to see two-factor adoption become prevalent. So what can we do, right now? As consumers at the mercy of sites and applications that require passwords and various other bits of information, the only thing we can do is use a unique password per site and make it a very strong password. Most users do neither because it’s hard. The only way to make it easy is to use a password manager, and then it becomes trivial to use a very strong password because you don’t ever try to remember them. Go try out a password manager, find one you like (and that has been well reviewed and vetted) and then show it to your friends and family. Talk to them about the dangers of password reuse. Make it a low tech conversation, but be emphatic – stop reusing passwords.
And while you’re at it, go change your eBay password now (directions here).