Recent security incidents, including the password breaches at LinkedIn and eHarmony, have been getting worse and worse. Whether it’s AOL accidentally releasing search data on 500,000 people, or Gawker’s in-house CMS getting hacked and exposing the passwords of 1.3 million users, security is becoming a hot topic.
The core developers of WordPress agree that security should be taken seriously. Back in 2006, the team took a second look at how passwords were being stored in the WordPress database. We have Ryan Boren to thank for introducing the idea of moving away from a simple-salted md5() hash to using the phpass framework (#2394) as part of the WordPress core.
Looking at some other web services out there, it’s crazy to think how companies are still storing passwords in cleartext for any hacker to see.
Here are some recent blog posts by security firm Sucuri.
- Public Service Announcement: Last.fm Passwords Compromised
- PRWeb Stores Passwords In Clear Text
- Public Service Announcement: LinkedIn Spear Phishing Attempts
- LinkedIn Password Dump Verified
- Public Service Announcement: LinkedIn Users Change Your Passwords
I know that ever since I was turned on to LastPass, I have been creating very strong, very random, and super-secure passwords so my identity can’t be nearly as easily compromised.
I pay the $12/year for LastPass Premium and it’s worth every penny. The easy-to-use password generator that comes with the service, as well as the cross-platform and cross-device compatibility, makes it a breeze to store my passwords and stay secure at the same time.
Just the other day, one of my friends, who also has LastPass, safely and securely shared a password that I needed to access one of his accounts, but I never actually saw the password — because it was shared through the secure service.
I vouch for LastPass and strongly recommend it.