General Consultant Discussion

ugh: http://www.foxnews.com/tech/2014/08/06/staggering-data-breach-could-worsen-expert/

I am no expert in this arena. So I found this contrarian analysis interesting. It's point: the quality of data stolen might not be all that high. Sadly, it might be blown out of proportion by Hold Security simply to generate revenue for its services ... http://bit.ly/1y9rEsu

The real issue, as @WayneSchulz has repeatedly pointed out, is that many of us (myself included) use common passwords across multiple sites. Shortly after I heard Cnet got breached, I got notified from gamestop that I bought some downloadable games for $150, which I did not... Fortunately gamestop must have seen the breach and within a few hours sent me an email saying they believe it was illegitimate and if they didn't hear back from me, they would cancel the order. But those credentials are used elsewhere. I'm changing them as I find them but... The only real way to stop this is have all logins as two factor using a phone

No argument from me about passwords, and mine for sites that count are strong. 2-factor authentication is an acquired taste, and I went through hell getting that to work for my Google+ account on Android. None of this will go away, though, until the devices are adept enough to reliably use biometrics. History of the past 10 years shows that strong passwords are just too hard to 80% of users.