This news is already getting old, having broken yesterday; however, there’s some good advice issued by Tony Hsieh, CEO of Zappos. I’ll get to that in a minute, but you might want to read his blog post.
So, Zappos got hacked. Customer account information on 24 million customers including names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers and/or the cryptographically scrambled passwords was obtained by the criminal(s). The actual passwords weren’t obtained, but we can assume the hackers will try to crack the crypto.
The email sent to the customers contained some great advice: “We also recommend that you change your password on any other web site where you use the same or a similar password.” Not that you should ever use the same password on multiple sites, but this is great advice. If you are an affected Zappos customer, be sure to take this advice and go change that password on the other sites. Just make sure that for each site you change it on, you use a different password, not the same one over and over.
To be honest with you, I do use a certain set of passwords that are the same on multiple sites. The sites I use these passwords on are not anything important and the passwords I repeat are never the same passwords I use on shopping sites and other critical financial sites; those are all different, very strong passwords.
With all the great password advice I’ve been giving you over the years, there is no reason for you to have any trouble coming up with good, easily remembered passwords.