We’re all familiar with the Adobe scandal by now. I received some emails from various companies stating my passwords had been reset. I have no problem with extra caution on the part of these companies; I even appreciate it. But this article from the BBC causes me some concern. The non-Adobe company which reset my password stated that people sometimes reuse passwords across different sites, and gave that as the reasoning behind its policy decision to reset passwords of accounts with emails matching those found in the Adobe booty stash. The above linked article, however, states that Facebook is specifically resetting passwords found to match email/password combos determined to have been compromised. The article then states the same actions are occurring at other companies. Something is wrong here. I never use the same password twice, yet my password for an undisclosed website was reset, so I figure one of three things is happening here:
- The article is mistaken. Facebook may be actively matching passwords from the stash to their active users’ accounts, but other companies are finding email addresses found in the Adobe dump and resetting passwords for accounts using the same email address regardless of password match. I think this is the most likely.
- The article is mistaken, but deliberately so in an effort to bring awareness of the dangers of reusing passwords, especially online. Thanks big brother, what would we do without you?
- Alternatively, and most disheartening, the article is drummed-up fear mongering with the set intent of selling commercial password managers. I don’t know about this, because I would never even so much as research the existence of any potential commercial password manager, much less purchase or use one, but the paranoid in me has to mention it as a possibility.
So in closing, don’t reuse passwords, close your Facebook account, use open source software alternatives to Adobe products, and don’t drink the water 😉