Azhdar: This happens every year. So it proves people don't want to learn basic security things.
haydenaurion: Yep, still doesn't make it any less annoying to have to change my passwords, ugh....
I think it's a huge pain in the ass to manage different account names and passwords. I'm at a point where I don't know which user name/password belongs to which site.
jsidhu762: I think it's a huge pain in the ass to manage different account names and passwords. I'm at a point where I don't know which user name/password belongs to which site.
Why not use a password manager?

Although really at this point, we should be looking to alternatives to passwords, like DNA verification.
Darvond: Although really at this point, we should be looking to alternatives to passwords, like DNA verification.
Eh, but if someone steals that information (like a single long pw), you're doomed.
jsidhu762: I think it's a huge pain in the ass to manage different account names and passwords. I'm at a point where I don't know which user name/password belongs to which site.
Darvond: Why not use a password manager?

Although really at this point, we should be looking to alternatives to passwords, like DNA verification.
Problem is DNA Verification freaks the dumb people out.
I just keep all my passwords written down on a piece of paper, I don't really trust to store passwords anywhere on my PC even in a password manager, so I write down all my passwords for anything and hide them away in an old DVD case and it's hidden in my DVD collection.
LastPass is so damn good, I have no idea how I even functioned without it given how many goddamn logins and passwords I have on the net...
I'm so glad I switched from Yahoo to a private domain.

Yahoo was getting worse and worse over time (commercials all over the place, various important emails not going through or getting received only in my sent box, etc), plus the risk of losing your email address if they compromise your account is very real.

With a domain of your own, should they ever compromise your email account, you may lose your mailbox content, but at least you can get your email address back by simply changing your MX records.
haydenaurion: Yep, still doesn't make it any less annoying to have to change my passwords, ugh....
Azhdar: Yeah, it's not safe to use a password for a long time, even if that password is strong+.
I'd say it's the reverse, using a strong password is more important than changing it often.

Even a relatively short 8-character password with even only lowercase letters that are mostly random has 208827064576 permutations.

Even if they steal the database, if the server uses a strong hashing algorithm that takes, say 0.1s, it would still take 20882706457.6 seconds (241697.991407407 days) to try out all the permutations.

Even if you find it on average using only half the permutations, that's still 120848.995703704 days (331.093138914 years).
CharlesGrey: So you're saying they just brute-force hacked their way into millions of accounts, not just on Google, but also MS and other major services/sites, without the owners of those services stopping them in the process? Just doesn't seem practical. At best you could do that for an individual account, but not when you're trying to gain access to such massive amounts of user accounts.

Nope, if there's any truth to this whole story, they must have actually accessed Google's/MS's data servers directly. How would you even know that your account was never part of such data leaks? When millions of accounts are stolen, obviously not all of them will actually be used for any shady purposes. I suspect most addresses are simply sold to advertising companies.
Even if they steal the database, if the passwords are hashed and salted, they got their work cut out for them if they want to break the stronger passwords.

Really, for the attackers, it's not about hacking every single password in the database, it's about trying various weak passwords across all the accounts and getting hits with each attempt. By accumulating a list of known emails, they can do that even without hacking the server (it's just way less efficient, especially if there are mechanisms in place to foil brute-force attempts on the login).

Really, the weak link is a weak password. If you use a lame-ass password like Apple9 (something that will pass most password strength checks), no security mechanism can protect you. In my humble opinion, unless you're a senile senior, if you're so complacent about your security that you don't use a strong password for key accounts, you deserve what you get. Every service terms-of-use should have a closure: "We do not cover weak passwords, you're on your own buddy".
Post edited May 07, 2016 by Magnitus
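The salted, slow hash and the search-time estimate from the post above, as an added example that is not part of the original thread. PBKDF2-HMAC-SHA256, the iteration count and all function names are assumptions chosen for illustration; the 26-letter, 8-character, 0.1 s figures are the post's own.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor; raise it until one hash costs what you can afford

def hash_password(password, salt=None):
    """Salted, deliberately slow hash: returns (salt, digest) to store per account."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)

def seconds_per_hash(samples=3):
    """Measure what one guess costs on this machine at the current work factor."""
    start = time.perf_counter()
    for _ in range(samples):
        hash_password("benchmark-only")
    return (time.perf_counter() - start) / samples

def keyspace(charset_size, length):
    """Number of candidate passwords: one factor of charset_size per character."""
    return charset_size ** length

def search_days(charset_size, length, seconds_per_guess, fraction=1.0):
    """Days to try `fraction` of the keyspace against ONE salted hash.
    Only meaningful for randomly chosen passwords; guessable ones fall to word lists."""
    return keyspace(charset_size, length) * seconds_per_guess * fraction / 86400

if __name__ == "__main__":
    print(keyspace(26, 8))                         # the post's 8 lowercase letters
    print(search_days(26, 8, 0.1))                 # full keyspace at 0.1 s per guess
    print(search_days(26, 8, 0.1, 0.5) / 365)      # average case, in years
    print(search_days(62, 16, seconds_per_hash())) # 16 mixed-case/digit chars, measured cost
```

Because each account gets its own random salt, the same password produces a different digest per account, so the per-guess cost has to be paid again for every account in a stolen database.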
Lord_Kane: Problem is DNA Verification freaks the dumb people out.
I just keep all my passwords written down on a piece of paper, I don't really trust to store passwords anywhere on my PC even in a password manager, so I write down all my passwords for anything and hide them away in an old DVD case and it's hidden in my DVD collection.
Okay fine. We'll use infrared verification then.
Finally. The motivation I need to change that godawful password I was using.

Thanks for the heads up.
Lord_Kane: Problem is DNA Verification freaks the dumb people out.
I just keep all my passwords written down on a piece of paper, I don't really trust to store passwords anywhere on my PC even in a password manager, so I write down all my passwords for anything and hide them away in an old DVD case and it's hidden in my DVD collection.
Darvond: Okay fine. We'll use infrared verification then.
HAHA I want DNA/Thumbprint myself, but people are dumb sadly.
At most, I think the hacker would have stolen a list of account names. I am not too worried about it. Maybe there was a compromised mail server in Russia that allowed the hackers to get more information.

The most important security step is to not use the same password anywhere, because if one account becomes compromised, then so do others, and of course, make it a good password. I think completely random passwords are not necessary because all they do is make it hard to remember. A good password is a long password of a couple mixed case words and numbers like "woMBat71moNKey37". Because there are two ways to hack an account password, get the password as typed/hack the server and passwords stored stupidly/etc..., and then there's brute force. With the first, it doesn't matter how random or complicated the password is. This is where having different passwords everywhere pays off.

Brute force method means someone is guessing if simple password, or having a computer generate all possible combinations. So what you want is long unguessable password so that it's virtually impossible to guess and randomly generate with full range of characters to increase combinations possible. Most systems only allow a fixed number of tries.

I really doubt anyone cares at this point, but for each character possible, you multiply that number of possibilities by the length of password. So the number of combinations possible for just lower case 5 char password is 26 * 26 * 26 * 26 * 26. So by using mixed case (upper and lower case), you increase that to 52 * 52..., then if you include numbers (0-9), 62 * 62... So you can see how quickly the combinations increase when you use more characters outside the normal English set.
Post edited May 08, 2016 by qwixter
I get so very sick of having to be so careful about your passwords on the internet. Why can't people just leave each other's identity alone? I have about 100 accounts on all kinds of sites, with about 50 different passwords between them (only lesser important sites get a reused password). It's impossible to remember them all and I'm scared of losing them and according to everything I read I should be scared of being hacked. Why is it that people want to steal one another's password? Or steal anything in the first place? Why do something that knowingly and purposefully harm someone else? I don't understand.
Post edited May 09, 2016 by DubConqueror
DubConqueror: I get so very sick of having to be so careful about your passwords on the internet. Why can't people just leave each other's identity alone? I have about 100 accounts on all kinds of sites, with about 50 different passwords between them (only lesser important sites get a reused password). It's impossible to remember them all and I'm scared of losing them and according to everything I read I should be scared of being hacked. Why is it that people want to steal one another's password? Or steal anything in the first place? Why do something that knowingly and purposefully harm someone else? I don't understand.
People are mean and greedy.

You are not.
I myself have lost 2 Hotmail accounts in the past, had fake profiles of mine constructed by "friends" from like 3-4 other Hotmail accounts and somehow, my latest Yahoo accounts, have been receiving mail FROM THEMSELVES TO THEMSELVES (possible translation: Someone else logged in it and sent a message through it, TO it).

I got so tired over security and issues anyway, that I merely stopped even wondering. Since you are in the internet, someone IS ALWAYS WATCHING YOU! Even outside of internet... Lately, drones started being sold in electronics shops like freshly baked bread! And spyware is ever blooming, without legal inquiries/regulations to shop selling them or people buying them.

This, of course, has its own merits and tradeoffs, as well. Sometimes you can watch many interesting things, if you are in standby to that new smartphone and its application, he he, technology is evil hands down, but it can hand out some free smut now and then! NO ONE IS SAFE! So try to make the best out of it and enjoy, on the rocks! Yarr!
Post edited May 13, 2016 by KiNgBrAdLeY7