(original story via The Consumerist)
Everyone knows we should change our passwords often, and that for security reasons we should use passwords so long, complex, and filled with leetspeak (H4xx0rz!) that only a 19-year-old programmer from Singapore could understand them (ok, on second thought, that might not be the individual you want guessing that he can reach your bank account by typing “Y0MamaWearsUnder00z”, but you get my point).
Most of us also tend to reuse the same password across similar sites, and seldom change it as often as we should. (Hint: if you’ve changed your name more recently than your passwords, it might be time to revisit them.)
Which brings us to a recent story from Reddit (via the Consumerist, link above). It claims that Amazon passwords set before an as-yet-unknown date (most likely measured in years) were stored by a flawed legacy hashing routine that makes them far easier to brute force (a brute-force attack is simply a program that tries candidate passwords until one unlocks the account).
More specifically, for passwords longer than eight characters, only the first eight are checked: a login attempt succeeds whenever those eight are correct, regardless of what the attacker types after them. That is exactly the behaviour of the old Unix crypt(3) DES hash, which silently discards everything past the eighth character, though the story does not say what Amazon actually used. So your uber-secret “SUPERCAL1FRAG1L1STICEXP1AL1DOC1OUS” is, for all practical purposes, “SUPERCAL”, and “SUPERCALpasswordIjustguessedneener” opens the account just as well. The practical consequence is that an attacker only has to search the space of 8-character passwords (roughly 48 bits for upper, lower and digits), no matter how long yours is. You can check whether your own account is affected without any tooling: log in with your real password plus a few characters of junk appended; if that works, the tail of your password is being ignored.
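As an added illustration (this is example code, not anything from the original story or from Amazon), the block below models the flaw as a verifier that hashes only the first eight characters, puts it next to a verifier that hashes the whole password with salted PBKDF2, and includes a probe that finds how many leading characters a verifier actually checks by flipping one character at a time. The truncation length of 8 comes from the story; using SHA-256 for the legacy stand-in, the 62-character alphabet, and the PBKDF2 parameters are my assumptions.

```python
import hashlib
import hmac
import math
import os
from typing import Callable

# Alphanumeric alphabet (A-Z, a-z, 0-9); an assumption for the keyspace estimate.
ALPHABET_SIZE = 62
# The story says only the first 8 characters are checked.
TRUNCATE_AT = 8


# --- Legacy scheme: a stand-in for the flawed one the story describes ---------
# Only the first TRUNCATE_AT characters feed the hash, so the rest is ignored.
# SHA-256 here is an assumption; the story does not say what hash was used.
def legacy_hash(password: str) -> bytes:
    return hashlib.sha256(password[:TRUNCATE_AT].encode()).digest()


def legacy_verify(candidate: str, stored: bytes) -> bool:
    return hmac.compare_digest(legacy_hash(candidate), stored)


# --- Corrected scheme: salted PBKDF2-HMAC-SHA256 over the entire password -----
# 600,000 iterations follows current OWASP guidance for PBKDF2-SHA256 (assumption).
def make_record(password: str, iterations: int = 600_000) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_record(candidate: str, salt: bytes, digest: bytes,
                  iterations: int = 600_000) -> bool:
    attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations)
    return hmac.compare_digest(attempt, digest)


# --- Probe: how many leading characters does a verifier really check? ---------
def effective_length(verify: Callable[[str], bool], real_password: str) -> int:
    """Return the index of the first character whose value does not matter.

    For each position i, flip that one character and try to log in. The first
    position where the flipped password is still accepted is being ignored by
    the verifier. If every position matters, the full length is returned.
    """
    if not verify(real_password):
        raise ValueError("real password must verify before probing")
    for i, ch in enumerate(real_password):
        flipped = real_password[:i] + ("A" if ch != "A" else "B") + real_password[i + 1:]
        if verify(flipped):
            return i
    return len(real_password)


def keyspace_bits(length: int, alphabet: int = ALPHABET_SIZE) -> float:
    """Bits of work for an exhaustive search over passwords of this length."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    # The two strings from the story: same first eight characters, different tails.
    real = "SUPERCAL1FRAG1L1STICEXP1AL1DOC1OUS"
    guess = "SUPERCALpasswordIjustguessedneener"

    stored = legacy_hash(real)
    print("legacy accepts the wrong password:", legacy_verify(guess, stored))
    print("legacy checks only", effective_length(lambda c: legacy_verify(c, stored), real),
          "characters, i.e. about", round(keyspace_bits(TRUNCATE_AT)), "bits of search")

    salt, digest = make_record(real)
    print("fixed scheme accepts the wrong password:",
          verify_record(guess, salt, digest))
    print("fixed scheme checks", effective_length(lambda c: verify_record(c, salt, digest), real),
          "characters, i.e. about", round(keyspace_bits(len(real))), "bits of search")
```

The probe is the same test you can run by hand against a real login form (append junk, flip a character, see what is still accepted); it needs nothing but a working password, so it is a cheap check to run against any site you do not trust to have fixed its legacy hashing.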
Yeah. Might be time to change the password.
It’s a good idea to rotate passwords regularly, and a flaw like this is the best reminder you’ll get: a password set before the fix stays stored under the old, truncating scheme until you change it, so changing it is what actually moves you onto the fixed one.
Don’t put off ’til tomorrow what the hackers can do today.