More problems for Twitter

Twitter has had to reset the passwords of some of its users after it noticed anomalous usage. The number of followers for a couple of accounts grew fast enough to trigger an investigation.

Apparently, someone has been creating sites and forums that require logging in and selling them to people who wanted to start a download site of their own. Once these sites became popular, this person used the back doors and exploits coded into them to get access to the credentials of every person who had signed up. This information was then used to get access to sites like Twitter.

The reason Twitter was affected? People were using the same email/user-id/password combination across multiple sites. Once the credentials for one site were obtained, it was just a matter of trying those credentials at every major website. So, here is another reason not to use the same credentials across sites.

One answer may be to add a salt, like those added to hashes. For example, if you used the word “password” as your common password, you would use something like “gmpassword” on your Gmail account and “ympassword” for your Yahoo account. Or, you could use a phrase such as “This is my gmail account password” or “This is my yahoo account password” and use the first letters of the words as your password (“Timgap” or “Timyap”). Please note that these examples are for illustration only. In a real-life scenario, you should use a somewhat more complex system than this. Passwords should be strong (8 characters, upper/lower case and with at least 1 number and 1 symbol).
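One way to build the "more complex system" mentioned above, as an added example that is not from the original post: the site name is used as the salt for a key-derivation function, so each site gets an unrelated password from one master phrase. It goes beyond the post's prefix scheme; PBKDF2-HMAC-SHA256, the names `site_password` and `meets_policy`, the symbol set and the master phrase are all assumptions made for illustration.

```python
import hashlib
import string

# Character classes required by the policy quoted in the post.
LOWER, UPPER = string.ascii_lowercase, string.ascii_uppercase
DIGITS, SYMBOLS = string.digits, "!@#$%^&*-_=+"  # symbol set is an assumption
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS


def meets_policy(pw: str) -> bool:
    """The post's rule: 8+ characters, upper and lower case, a number, a symbol."""
    return (len(pw) >= 8
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def site_password(master: str, site: str, length: int = 16,
                  iterations: int = 200_000) -> str:
    """Derive a per-site password; the site name plays the role of the salt."""
    if length < 8:
        raise ValueError("length must be at least 8")
    salt = site.strip().lower().encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              iterations, dklen=length)
    # One character from each class first, so the policy always holds.
    chars = [cls[raw[i] % len(cls)]
             for i, cls in enumerate((LOWER, UPPER, DIGITS, SYMBOLS))]
    # Remaining characters from the full alphabet (modulo bias is small here).
    chars += [ALPHABET[b % len(ALPHABET)] for b in raw[4:length]]
    return "".join(chars)


if __name__ == "__main__":
    master = "constructed example master phrase"  # constructed sample value
    for site in ("gmail.com", "yahoo.com", "twitter.com"):
        pw = site_password(master, site)
        print(f"{site:12} {pw} policy_ok={meets_policy(pw)}")
    # The post's illustrative passwords fail its own strength rule.
    for weak in ("gmpassword", "ympassword", "Timgap"):
        print(f"{weak:12} policy_ok={meets_policy(weak)}")
```

Someone holding one derived password can still guess weak master phrases offline, so the master phrase itself has to be long and used nowhere else.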