2 million account credentials stolen!

More than 2 million passwords have been stolen from popular web services such as Facebook, Google, Yahoo, Twitter, LinkedIn, etc. All the popular press are reporting on this (here is something in English and Swedish).

Now what is interesting is Trustwave's analysis of the stolen passwords. Trustwave did a similar study over 6 years ago on passwords exposed from MySpace, and this shows that nothing has changed; if anything, password complexity is even weaker now than it was in 2006. It seems that users are choosing simplicity over complexity.

So what’s so surprising? It is quite naive to assume that we will use complex passwords, especially across our social networking accounts. This is why we are increasingly accepting single sign-on using Facebook, LinkedIn, etc., to authenticate to other web services. The last Gartner conference on identity talked about needing to re-work how we do identity, i.e. make it ‘people-centric’. Now where have I heard that one before 😉