My Facebook feed started blowing up today with friends warning everyone to change their Gmail passwords due to a leak of 5 million passwords.
This struck me as very odd, since the passwords shouldn’t be stored in plain text; at worst I would have expected some hashed version of the passwords to be leaked. The one exception would be some man-in-the-middle attack where maybe a custom Android keyboard or app was copying info.
Still, it’s a good reminder to use strong and unique passwords on all of your sites. You can easily use password managers like LastPass or 1Password, which are both fantastic for easily creating complex and unique passwords. Personally, I just build unique passwords based on patterns.
Here is an example of what I mean. Let’s say you want to build passwords for outlook.com and github.com. We want them to be unique but also easy to remember. How do we do that?
Note that the order here doesn’t matter; pick your own method, it’s the idea that counts. Also, this isn’t meant to be the MOST complex password. It’s just meant to raise the effort of guessing or cracking your passwords to a level that is fairly high, while also using unique passwords for every site without it being super complex. I taught my mom, who is almost 60, this method, so you can learn it too.
Both of these are very easy-to-remember passwords, but they’re both very unique and strong. The only issues you may encounter are that some websites may complain about the length or complexity. I’ve found that banking websites, of all places, are the most likely to. In those cases I usually have a backup that is less complex, but it’s definitely annoying.
Update: It looks like I was right; the article has been updated to say:
these may not, in fact, be Gmail passwords, as original reports claimed. Instead, it looks like these are passwords leaked from other web sites over the years that were associated with Gmail addresses.