Sony has been in the news all week after its corporate servers were comprehensively hacked. But it’s hard to give the electronics giant a pass mark for security when it turns out that staff were storing passwords in unencrypted files with names like ‘Master Password List’.
Picture: sebi ryffel
Gawker reports that a folder of files called ‘Passwords’ that was distributed by whoever was behind the attack includes multiple files where password lists were stored without any kind of protection whatsoever. The passwords cover everything from YouTube logins to corporate credit card access.
So much of IT security is about the basics. Keeping an open list of passwords that anyone can access is simply bad practice. Encrypt your passwords. Change them regularly. Don’t make them predictable. Don’t reuse the same password everywhere else. Clearly, these things can’t be said often enough.