Here at Backup Machine, we’re great fans of the popular note-taking service Evernote.
Unfortunately, their systems have just been compromised…
… leaving the possibility that a criminal group has got a copy of your username and one-way-encrypted password.
So if they’ve used one-way encryption, what’s the problem?
One-way encryption (hashing) is a great idea, and we use it at Backup Machine too.
However, even with a hashed password, it’s possible (with enough time and processing power) to find its original value.
What should I do?
First of all, if you use Evernote – change your password there: http://evernote.com/corp/news/password_reset.php
Hacks like this serve as a reminder for us all to choose a separate password for every service we use.
Your own website’s FTP, SSH and database passwords are doubly important to protect in this way. You don’t want to have to change all your different passwords in a hurry when you think your credentials have been compromised.
Help, I’m trying to remember too many passwords!
Of course, these days we all use many online services – and some of us have to choose usernames and passwords for our own services as well. How do you keep track of them?
We use password management services such as:
These will not only store your many passwords in an encrypted file, but will also help you to generate a new password for each site – ensuring suitable password complexity and randomness.
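The two points made above, that a hashed password can still be found by guessing and that a generated password resists this, are shown here as an added example (not Backup Machine's or Evernote's code). The page does not say which hash Evernote used; the unsalted SHA-256, the PBKDF2 settings, the character set and the short common-password list are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import math
import secrets
import string

# Constructed sample data: a tiny list of commonly chosen passwords.
COMMON = ["123456", "password", "qwerty", "letmein", "evernote1"]
# Assumed character set for generated passwords (72 symbols).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"

def fast_hash(password: str) -> str:
    """Unsalted single-round SHA-256: cheap to compute, so cheap to guess against."""
    return hashlib.sha256(password.encode()).hexdigest()

def slow_hash(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: every single guess costs `iterations` rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def is_guessable(stored_hash: str, candidates=COMMON) -> bool:
    """Audit check: does any common password hash to the stored value?"""
    return any(hmac.compare_digest(fast_hash(c), stored_hash) for c in candidates)

def generate_password(length: int = 20) -> str:
    """Password-manager-style generator drawing from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy in a uniformly random password of this length."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    reused = fast_hash("letmein")            # a hash as it might sit in a leaked table
    fresh = generate_password()
    print("common password guessable:   ", is_guessable(reused))
    print("generated password guessable:", is_guessable(fast_hash(fresh)))
    print("generated password entropy:   %.1f bits" % entropy_bits(len(fresh)))
    salt = secrets.token_bytes(16)           # per-user salt, stored beside the hash
    print("salted slow hash:", slow_hash(fresh, salt).hex()[:16], "...")
```

The hash hides the password only as well as the password resists guessing: the common one is matched immediately, while the 20-character generated one has roughly 123 bits of entropy.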
An even better way to protect your services is to use 2-factor authentication. We’ll cover this in more detail in our next blog post.