Square-Enix hacked

[Richard_BG]

But on a serious note, probably time to change those passwords, boys and girls.

so that people wont be able to steal our accounts that are worth nothing?

[quantumsaint]

so that people wont be able to steal our accounts that are worth nothing?

Yeah. I don't want some guy logging in and dressing my avatar unfashionably. I mean, can you imagine the egg on my face?

[Bahn]

so that people wont be able to steal our accounts that are worth nothing?

I think he might have also meant change your passwords OUTSIDE of XIV.

Ideally, you're not supposed to use the same password for everything, but humans are naturally lazy, and I'm sure a good chunk of forum goers use the same password for every login they use. Yes it's foolish, but it happens way more than you think. Ever wonder why when Kotaku/Gawker got hacked it caused an uproar (not only because of their silly security practices)? It's because a lot of stupid people who post there (which is a good number, considering it's Kotaku) used the same username and password for everything, and therefore left themselves a HUGE target for account theft in venues outside of Gawker sites.

Before you ask, I obviously use a separate password for this game and many sites that I consider are "mission-critical". Some people don't.

[quantumsaint]

I think he might have also meant change your passwords OUTSIDE of XIV.

Ideally, you're not supposed to use the same password for everything, but humans are naturally lazy, and I'm sure a good chunk of forum goers use the same password for every login they use. Yes it's foolish, but it happens way more than you think. Ever wonder why when Kotaku/Gawker got hacked it caused an uproar (not only because of their silly security practices)? It's because a lot of stupid people who post there (which is a good number, considering it's Kotaku) used the same username and password for everything, and therefore left themselves a HUGE target for account theft in venues outside of Gawker sites.

Before you ask, I obviously use a separate password for this game and many sites that I consider are "mission-critical". Some people don't.

Yeah. Isn't that how FFXI players got hacked? Using their same account password with phishers posing as fan sites? I'm guilty of using the same password or permutations of it for most things. Of course, banking and the like I use more unique passwords, but still, there are those that don't who should change their passwords.

Kind of off-topic: Go ahead and take my identity, hackers. Just found out yesterday I'm being sued for $1500. My credit sucks...

[Atoli]

Ideally, you're not supposed to use the same password for everything, but humans are naturally lazy, and I'm sure a good chunk of forum goers use the same password for every login they use.

It's less about being lazy and more about just how much you can remember.
There's a limit to "good" passwords you can remember, good like in..has numbers and special signs in it and is not a word in a dictionary and is at least 15 letters long and has also several BIG and small letters..hm..now that I think about it, that's probably where the stupid way some teens write nowadays has originated from ($wEe7_6IrL-13 and stuff like that =_=)

Well, I also have complicated and different passwords for important accounts,
but I use the same one for stuff like..ask.com or some FF fan forum I visited once.
It's just not worth the hassle.
Most things on the internet aren't.

Oh, ain't I affected by this hack anyways?
Since I'm neither from Japan nor North America?

[Bahn]

It's less about being lazy and more about just how much you can remember.
There's a limit to "good" passwords you can remember, good like in..has numbers and special signs in it and is not a word in a dictionary and is at least 15 letters long and has also several BIG and small letters..hm..now that I think about it, that's probably where the stupid way some teens write nowadays has originated from ($wEe7_6IrL-13 and stuff like that =_=)

Well, it's more about using common sense. I don't think "I can't remember my passwords" is a valid excuse to make when you have applications called Password Managers that can help you store these passwords without needing to remember them.

These password managers allows you to make ridiculous passwords for other sites and not have to remember them. Password managers are basically a database that you use to store all your passwords. A good free and reliable Windows one is called KeePass. A browser-based one is called LastPass. You use a "master password" that has reasonable security measures in it (1 digit, one uppercase, one lowercase, one special char, etc) which allows you to open up the database that contains all the passwords you stored. That way, you only have one password to remember (the "secure" one you made that is memorable). You then make up some complex passwords for these other sites and simply store them in this manager for reference. Put that password manager and its files on a flash drive and keep that flash drive in a handy place, and you're good to go. The database that contains all your passwords is heavily encrypted with AES 256-bit encryption and even if someone were to steal your computer, they wouldnt be able to hack open the database through normal means.

Another convenient way of keeping your passwords secure is to use one password that's somewhat secure and easy to remember for non-mission critical sites - i.e. sites where if you were to lose your account wouldn't hurt your security on your computer or IRL. So for places like Gawker and the FF14 forums, you use this password. If it gets stolen, big deal. They now have access to a bunch of forums and sites they don't give a crap about. Then you make individual passwords for your mission-critical sites - your banking, Twitter, Facebook, Gmail, etc.

That way, if some site you're trying to sign up for requires a password, you have your 'throwaway' password to use without having to worry about putting your important stuff at risk. Password gets hacked? Whoop dee doo for the hackers - they can now use an account that's on a random site they don't care about.