After reading about the Tuts+ security breach I got to wondering: how many of the really angry people were actually practicing proper password security themselves?
Yes, as detailed in their post, they stored passwords in clear text. Yes, that's a beginner-level stupid move. Yes, the plugin they were using had an update that fixed the cleartext passwords, and they didn't apply it because they had customized the plugin. There were a number of failures on their part, but I bet that many users had a huge password fail too.
I’ll admit that I don’t have a Tuts+ account so this doesn’t affect me at all. I did however have a LinkedIn account that was hacked, but I didn’t care then either.
I didn't care because I use a different secure password everywhere. They got my name and email, both of which are freely available on my contact page. I wouldn't care if I did have a Tuts+ account; it would have its own 50-character unique secure password. Tuts+ was never storing credit card data, so the only really useful information is the username and password. With that, hackers will try your email account, but if you're using a different password there, it won't matter. Yes, with more data they could try some social engineering on you to get more information, but again, using a different 50-character password everywhere means at worst you get one other account compromised.
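The two failures the post describes, cleartext storage on the site's side and password reuse on the user's side, are easy to show side by side. The following is an added example written for this post, not code from Tuts+ or from the plugin involved; the site names, the sample passwords, the PBKDF2 iteration count and the 16-byte salt are all constructed for the demo.

```python
import hashlib
import hmac
import secrets
import string
from typing import Dict, List, Optional, Tuple

# Assumption: a moderate PBKDF2 work factor, chosen for this demo only.
PBKDF2_ITERATIONS = 200_000
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_site_password(length: int = 50) -> str:
    """Make a random, per-site password (the post's '50 character unique' advice)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def store_cleartext(password: str) -> str:
    """How the breached site stored credentials: the stored record IS the password."""
    return password


def store_hashed(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Store a salted PBKDF2-HMAC-SHA256 digest instead of the password itself.

    A leak of (salt, digest) does not hand the attacker a password that works
    anywhere else; they still have to guess it offline.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_hashed(password: str, salt: bytes, digest: bytes) -> bool:
    """Check a login attempt against the stored salt and digest in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def accounts_exposed_by_leak(leaked_password: str, credentials: Dict[str, str]) -> List[str]:
    """Given one leaked cleartext password, list the user's sites that accept it."""
    return sorted(site for site, pw in credentials.items() if pw == leaked_password)


# Constructed sample users: one reuses a single password, the other uses unique ones.
REUSING_USER = {"tutorial-site": "Summer2012!", "email": "Summer2012!", "bank": "Summer2012!"}
CAREFUL_USER = {site: generate_site_password() for site in ("tutorial-site", "email", "bank")}


def blast_radius(user: Dict[str, str], breached_site: str = "tutorial-site") -> int:
    """Number of the user's accounts opened up by a cleartext leak at one site."""
    leaked = store_cleartext(user[breached_site])
    return len(accounts_exposed_by_leak(leaked, user))


if __name__ == "__main__":
    print("reusing user loses", blast_radius(REUSING_USER), "accounts")   # 3
    print("careful user loses", blast_radius(CAREFUL_USER), "account")    # 1
    salt, digest = store_hashed("Summer2012!")
    print("hashed record verifies:", verify_hashed("Summer2012!", salt, digest))
```

The point of `blast_radius` is the post's argument in numbers: the same leak costs the reusing user every account that shares the password, and the careful user exactly the one account that was breached. `store_hashed` shows the site-side fix the plugin update would have applied in spirit: even if the table leaks, the record is a salted digest rather than something an attacker can paste into your email login.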
I get really tired of whiners who don't take their own account security as seriously as they feel the site they signed up for should. They rank right up there with friends who never take my backup advice and then come to me upset that they lost stuff.