Use Same Account Name and Password on Every Service?

by Tseng H. K.
The article I read this week is “One Of The 32 Million With A RockYou Account? You May Want To Change All Your Passwords. Like Now.” by MG Siegler. The title of this article caught my attention immediately. The author raises the issue of people using the same ID and password on most of the services they sign up for. In December 2009, the database of RockYou (the social network app maker) was attacked. Hackers got their hands on the full list of unprotected plain-text passwords for around 32 million accounts. They used SQL injection to attack the RockYou database, which is one of the popular methods of attacking databases. The hackers even posted a sample of what they found.

This article is very relevant because we have just started to learn SQL statements. SQL injection is one of the popular methods of attacking databases. It basically means that hackers get what they want by injecting their own statements into the system. As we have just started to learn SQL, we also need to think about SQL data security as we write our SQL statements. Most SQL injections can be prevented by using prepared statements.
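To make the prepared-statement point concrete, here is an added example (not from the original post or from RockYou's code) that runs the same lookup two ways against an in-memory SQLite database. The table, column and function names and all sample values are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions for this example.
SAMPLE_USERS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
    ("o'brien", "obrien@example.test"),
]

def make_db():
    """Build an in-memory SQLite database holding the sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return db

def lookup_concatenated(db, name):
    """Vulnerable: the input becomes part of the SQL text the database parses."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_prepared(db, name):
    """Hardened: the statement text is fixed and the input is bound as a value."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def compare(name):
    """Run both lookups on one input; report row counts or the SQL error."""
    db = make_db()
    try:
        concatenated = len(lookup_concatenated(db, name))
    except sqlite3.Error as exc:
        concatenated = "error: " + type(exc).__name__
    return {"concatenated": concatenated, "prepared": len(lookup_prepared(db, name))}

if __name__ == "__main__":
    # Constructed inputs: a normal name, a name with an apostrophe, and a
    # value whose quote characters change the meaning of the concatenated query.
    for value in ("alice", "o'brien", "nobody' OR '1'='1"):
        print(repr(value), compare(value))
```

With the bound parameter, the database compares the whole input against the name column, so the third input matches no account and the legitimate name containing an apostrophe still works.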

Fortunately, I am not a user of any app made by RockYou; Zoo World, Zoo World2 and Bingo are their most popular apps. I have seen many of my friends play their games (unfortunately, their IDs probably got hacked). We can prevent chain hacking by using a slightly different password on every service. Although it is hard to remember everything, security comes first!

Citation:
Siegler, MG (December 14th, 2009). One Of The 32 Million With A RockYou Account? You May Want To Change All Your Passwords. Like Now. http://techcrunch.com/2009/12/14/rockyou-hacked/

8 thoughts on “Use Same Account Name and Password on Every Service?”

  • November 4, 2012 at 2:44 pm

    I think it’s a good article as it will make all of us who use online accounts more aware of where we sign up and also how we do it. It is crazy to keep up and try to keep yourself safe with all the technology advances that are being developed. It certainly shocks me how people do all these hacking actions to big companies in order to obtain people’s information. I guess we gotta start changing passwords and usernames for every single account created online.

  • November 4, 2012 at 3:14 pm

    I definitely agree that passwords should be different as much as possible for different websites or services. While I myself am sometimes not even the greatest at keeping up with it, I can see the importance. At my last job it always amazed me when a user would send in their laptop and would give us their passwords. Most of the time the user used the same exact password for every application they used. When they didn’t, it was usually due to the constraints of the password needed for that application and not due to security. Good article.

  • November 4, 2012 at 4:12 pm

    An interesting article. I didn’t know that you can hack a database using SQL injection, because how do they know the name of the table/column that we use? And I agree that we should never use the same password for every account, and that we should make a habit of changing our password every few months.

  • November 4, 2012 at 6:09 pm

    That had to be a shocking read for any RockYou user. Luckily I am not one of them, but it is interesting to think about. For example, Professor Zhang mentioned in class how she cannot see the passwords that we made for this class because they were encrypted, but what if she didn’t encrypt them and then used one of those to access our email or bank account? Is it illegal to not encrypt the users’ passwords? Nevertheless, it will be interesting to learn about SQL statements and how to prevent hackings of this type from our database.

  • November 4, 2012 at 6:31 pm

    Since I’ve begun using the internet on a more frequent basis, I keep hearing news about how hackers keep infiltrating many sites and databases to get their users’ data. This is one of the bigger security compromises I’ve seen in a while. This is why many sites recommend that users keep changing their passwords once every few months, and many sites will even let you know how secure your password is.

  • November 4, 2012 at 7:05 pm

    Great post, the article did “Rock me” at first glance. I think one of the main reasons people do not change their passwords is because people tend to forget them, or resort to less satisfactory ways of keeping track of them. However, changing passwords is definitely worth our time if we do not want to be a victim of the cyber hacks. Besides the hack issue, the short description of SQL injection raised my interest in what we are going to learn about SQL, and I also want to know how the prepared statement works against SQL injection.

  • November 4, 2012 at 9:50 pm

    Interesting article. I think that while it is important to have more than one password / account combination, you can take it too far. I would say that a couple of passwords / account names are good for accounts where you don’t have important information, and a separate password / account name for each account where you have critical information, i.e. a bank account, would be fine. On a side note, I’m glad that I don’t use RockYou, so I don’t have to worry about this particular breach in security. It is a shame that it can take so long for some of these breaches to reach the public, not necessarily this one, just in general.

  • November 5, 2012 at 12:17 am

    It is reckless on the developer’s part to use plain text to store user names and passwords. I believe that you have to use hash and salt to encrypt sensitive data. At least when your database is hacked, they are somewhat protected. But then the attacker can make two accounts with the same password, such as “1111”, to find out whether the salt is randomly generated or not and ultimately use brute force to crack the passwords if the salt is hard-coded into the program. I read somewhere that rainbow tables are sold online for this kind of purpose.
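The difference between a hard-coded salt and a per-account random salt, raised in the last comment, can be checked on your own credential store. This is an added example, not part of the original post or its comments; PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample accounts are all assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000                 # assumed work factor for this example
FIXED_SALT = b"same-for-everyone"    # constructed value: the hard-coded case

def hash_password(password, salt):
    """Derive a slow, salted hash (PBKDF2-HMAC-SHA256) from the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(store, user, password, fixed_salt=False):
    """Store (salt, hash) for the user; the password itself is never kept."""
    salt = FIXED_SALT if fixed_salt else os.urandom(16)
    store[user] = (salt, hash_password(password, salt))

def verify(store, user, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    if user not in store:
        return False
    salt, expected = store[user]
    return hmac.compare_digest(hash_password(password, salt), expected)

def shared_hashes(store):
    """Return groups of accounts whose stored hashes are identical."""
    groups = {}
    for user, (_, digest) in store.items():
        groups.setdefault(digest, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_store(fixed_salt):
    """Constructed sample accounts: u1 and u2 share a password, u3 does not."""
    store = {}
    for user, password in (("u1", "1111"), ("u2", "1111"), ("u3", "different")):
        register(store, user, password, fixed_salt=fixed_salt)
    return store

if __name__ == "__main__":
    print("hard-coded salt :", shared_hashes(build_store(fixed_salt=True)))
    print("per-account salt:", shared_hashes(build_store(fixed_salt=False)))
```

A non-empty result from `shared_hashes` on a real table means equal passwords produce equal stored values, which is the condition the comment describes.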
