
You're using a dictionary password and subsequently reusing that password on multiple sites.... and you're mad at LinkedIn for allowing your account to be compromised? Umm.


You are blaming the victim. Yes, they could have taken more steps to protect themselves, but those steps are inconvenient and cost everybody headspace and headaches. And if we're all being honest we don't use best practice every time we log into a website.

The real problem is the way that we do passwords. Passwords should either be managed by your browser or your operating system. When you log in to your computer, you log in one time with a public key. And then your OS/Browser automatically logs you into every website you visit by signing challenges instead of by giving your private key (that's essentially what a password boils down to) to everyone who wants to verify your identity.

The same is true for credit cards.

If we want a more secure web, we will replace the password system. It's difficult to use passwords correctly, even if you have the common sense (which a lot of people don't, because they just don't realize it's a bad idea).

It should be a higher priority. People are clearly losing money and losing quality of life over today's insecure password infrastructure.
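The challenge-signing scheme the comment above sketches, written out as an added example (not code from the thread or from any named product) in Go using only the standard library's Ed25519. The origin strings and the user name "alice" are placeholders. It shows the three properties a password does not have: the server stores only a public key, so a dump of its database logs in nowhere; each signature covers a single-use nonce, so a captured signature cannot be replayed; and the key and the signed message are both bound to the origin, so an answer collected by a phishing site cannot be forwarded to the real one.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Server holds only public keys plus the nonces it has handed out.
type Server struct {
	origin     string
	users      map[string]ed25519.PublicKey
	challenges map[string][]byte // one outstanding nonce per user
}

func NewServer(origin string) *Server {
	return &Server{origin: origin, users: map[string]ed25519.PublicKey{}, challenges: map[string][]byte{}}
}

func (s *Server) Register(user string, pub ed25519.PublicKey) { s.users[user] = pub }

// Challenge issues a fresh 32-byte nonce that the client must sign together with the origin.
func (s *Server) Challenge(user string) ([]byte, error) {
	if _, ok := s.users[user]; !ok {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.challenges[user] = nonce
	return nonce, nil
}

// signedMessage binds the nonce to the origin so a signature produced for one site
// cannot be relayed to another. 0x00 is a safe separator because origins contain no NUL.
func signedMessage(origin string, nonce []byte) []byte {
	msg := append([]byte(origin), 0)
	return append(msg, nonce...)
}

// Verify consumes the outstanding nonce (single use) and checks the signature against it.
func (s *Server) Verify(user string, sig []byte) error {
	pub, ok := s.users[user]
	if !ok {
		return errors.New("unknown user")
	}
	nonce, ok := s.challenges[user]
	if !ok {
		return errors.New("no outstanding challenge")
	}
	delete(s.challenges, user) // a replayed signature meets a different nonce, or none
	if !ed25519.Verify(pub, signedMessage(s.origin, nonce), sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// Client stands in for the browser/OS keystore: one key pair per origin, private keys never leave it.
type Client struct{ keys map[string]ed25519.PrivateKey }

func NewClient() *Client { return &Client{keys: map[string]ed25519.PrivateKey{}} }

// PublicKeyFor generates the per-origin key on first use and returns its public half for enrolment.
func (c *Client) PublicKeyFor(origin string) (ed25519.PublicKey, error) {
	if _, ok := c.keys[origin]; !ok {
		_, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		c.keys[origin] = priv
	}
	return c.keys[origin].Public().(ed25519.PublicKey), nil
}

// Answer signs the challenge with the key that belongs to the origin asking for it.
func (c *Client) Answer(origin string, nonce []byte) []byte {
	return ed25519.Sign(c.keys[origin], signedMessage(origin, nonce))
}

// Demo runs an honest login, then a replay of the captured signature, then a signature
// collected by a phishing origin and forwarded to the real site. Origins are placeholders.
func Demo() (honest, replay, relayed bool, err error) {
	client := NewClient()
	site := NewServer("https://www.linkedin.com")
	pub, err := client.PublicKeyFor(site.origin)
	if err != nil {
		return
	}
	site.Register("alice", pub)

	nonce, err := site.Challenge("alice") // 1. honest login
	if err != nil {
		return
	}
	sig := client.Answer(site.origin, nonce)
	honest = site.Verify("alice", sig) == nil

	if _, err = site.Challenge("alice"); err != nil { // 2. attacker replays the captured sig
		return
	}
	replay = site.Verify("alice", sig) == nil

	evil := NewServer("https://evil.example") // 3. phishing site relays its own challenge answer
	evilPub, err := client.PublicKeyFor(evil.origin)
	if err != nil {
		return
	}
	evil.Register("alice", evilPub)
	evilNonce, err := evil.Challenge("alice")
	if err != nil {
		return
	}
	phished := client.Answer(evil.origin, evilNonce)
	if _, err = site.Challenge("alice"); err != nil {
		return
	}
	relayed = site.Verify("alice", phished) == nil
	return
}

func main() {
	honest, replay, relayed, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("honest login: %v, replay accepted: %v, phished answer accepted: %v\n", honest, replay, relayed)
}
```

Note what the server never sees: the private key. A breach of `users` hands the attacker only public keys, which is the difference from a password database, where a cracked hash is the credential itself and, if reused, the credential for every other site too.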


OP isn't blaming the victim. OP is playing with fire, KNOWS IT, and is surprised when they get burned.

Right now there are many solutions for password management. Free and open source, free and closed source, paid and closed source, enterprise. You name it! "Good password hygiene" is fairly ubiquitous amongst people on this site.

With that said, credential management[0] is coming. Google and Apple want to kill LastPass, 1password, and all these companies, and they definitely will AFAICT.

[0] https://www.w3.org/TR/credential-management-1/


I hope somebody kills off Lastpass. Worst customer support I have ever received. I've submitted 2 bug reports and 1 feature request since signing up for their paid plan all to have them thrown in their "won't fix" pile. I guess they're too busy making their interface bloated and hard to use to add functionality. /rant


There are many solutions for password management, but any solution that can work while travelling (in third-party computers), doesn't need a phone with a data connection, and actually works?


KeePass2? There's a portable version that you can drop on a USB stick, and it Works For Me™.

http://keepass.info


Not sure if I'm parsing your requirements correctly, but 1Password with Dropbox sync would work without a data connection as long as you sync the files beforehand. Works both for Android and iOS. Don't know if adding/modifying entries in the app while offline is possible; so far, I've only needed read access.


"You are blaming the victim"

Odd way of phrasing it. It's more accurate to say "you're pointing out that they have put themselves at risk through a number of insecure practices". It's not so much blaming a girl for getting raped; more "don't walk around an area that suffers from high crime, at night, using an expensive phone and getting a laptop and flashy camera and act surprised if you get robbed".


I'm more annoyed about my email address being in the dump than my password (which is/was the shittest of my password set because I don't care about my LinkedIn account).

I, too, may even have used that pw on twitter (RIP both followers of my 4 tweet history). Again, because I don't really care.

I have essentially been re-using passwords for 15 years now (although my very first password on my AOL "gandalf" has long been retired), every now and again upgrading my "default strong" and using the historical weaker ones on things I don't care about/don't trust.

Password Manager is definitely a smarter solution but I can't see myself setting it up.


I would never have thought to set one up, but after taking the pain of getting all my passwords into it opportunistically (a few minutes per day for a few weeks) it saves me time and headache now. It can autochange passwords, keep notes for sites, and auto-login to websites. Very handy, plus I only have one password in my head now.


I'm in exactly the same situation. Strong passwords for what matters, the same weak password for sites I don't trust or care about.


I can walk around a bad part of town at 2am, but if I get shot, I'm still going to be mad at the shooter.

A mix of laziness, apathy and habit led me to reuse that password on many sites. But I have 5+ email addresses, tons of shopping accounts, multiple banks, brokers, airlines, hotels, etc. I do use more secure passwords for other sites.

I really can't be bothered into using a password manager, so what's the alternative besides reusing passwords?


> I really can't be bothered into using a password manager, so what's the alternative besides reusing passwords?

The alternative is getting burned by password reuse repeatedly until you can be bothered, I would assume. Alternatively, you could cling to the hope that a more secure and more convenient authentication mechanism gets adopted somewhere in the next decade or two.


> I can walk around a bad part of town at 2am, but if I get shot, I'm still going to be mad at the shooter.

I'm not sure calling LinkedIn the shooter in this analogy is completely fair; maybe more like the cop two streets over getting a donut.


LinkedIn released data that made the twitter breach possible. Your version is far too innocent. If we want to continue the badly-fitting analogy... how about LinkedIn is a guy dropping crates of bullets all over, in a world where stolen bullets have no non-crime uses.



