Using Same Password on Multiple Sites Risky Business

11 Sep 05:22

IT security firm Sophos has warned computer users that using the same password on multiple websites greatly increases the risk of falling victim to hackers, following news that players of a global online game have been asked to change their passwords due to a security breach.

Players of Second Life were asked to change passwords after a hacker broke into a database holding information about the game's 650,000 users. This information included addresses, passwords and encrypted credit card details. According to Sophos, while changing passwords will prevent criminals from gaining access to users' Second Life accounts, they could still be at risk if they use the same password for other websites.

A recent Sophos web poll uncovered that 41 per cent of business PC users admitted to using the same password all the time, while just 14 per cent use a different password for every website they access.

[This is another reminder, if one is required, that common mode failures of many types are prevalent in computing. The risk of compromise through primary action, e.g. the hacking of a site you use, is something you can't do much to influence. However, you can do a lot to mitigate the consequences of a compromise by avoiding similar identities on different sites, and in general across large swathes of your activities. Whereas most people only have one, or at most a few, root identities defined by name, address, marital status, etc., it is important to define and manage derived identities and make those different to limit the consequences of compromise of a single identity. For many people this is contrary to instinct. --Ed].

Related links:
www.sophos.com/pressoffice/news/articles/2006/04/passwordadvice.html

Taken from Information Security Bulletin.