20 Jul 2009 - CHANGE YOUR PASSWORDS - Seriously, do it now
Ever stopped to think how much information a person could get from you with just one password? Admit it; you've got one password for lots and lots of websites... Your email, Facebook, Twitter, perhaps even a 'cloud computing' document or file backup or workspace like Google Docs. Now imagine someone knew that password, or guessed it. Happens ALL THE TIME. Then your friends get Facebook messages from 'you' asking for help, or your email is scanned for other personal information which can link this 'hacker' to your actual bank account and such.

This is not just an issue for individuals. Recently, the headquarters of Twitter was hit by just this sort of 'attack'. This is not a 'hack' in the true sense of the word; it is nothing more than a lapse in personal security, exploited by a malicious user who, in this case, luckily wasn't actually out to cause any harm.

Without going into song and verse (see: TechCrunch - Anatomy of a Twitter Attack, for the detail): once this chap worked out the Gmail address of just one Twitter employee, he was able to make Google think that user had forgotten his/her email password and have it sent to an alternate account, which was just as easy to gain access to. From there it was, as TechCrunch call it, like dominoes. Granted, there are some fortunate circumstances here: the retrieval of the forgotten password relied on the alternate email account being unregistered, and thus able to be registered fresh. But the fact is we are at the mercy of our password.

So today, I took the time to change my passwords, at least at the places I could think of:

The most important lesson - make the NEW password a STRONG one - that's why websites have that 'rating' of your new password - because you SHOULD be choosing a STRONG password! Keep it simple to remember, yet difficult to pick. Avoid IT regulars - like replacing i's with 1's, or o's with 0's, and s's with 5's. (Many, many IT admins use Pa55w0rd or adm1n as the password - it’s just TOO EASY.) Pick a word, split it up, add a number in the middle (a random one at that) and put a capital in the miDdle of the word, not at the start - and don't just put those numbers on the end. Now that's not foolproof, but by goodness it will make it hard!

There is no reason not to have all your passwords the same, as long as you then change them all regularly. It's common sense, and something I'm fortunate enough not to have fallen victim to, having used the same password or similar variation thereof for some decade or more. This Twitter 'hack' just shocked me into action!

Finally, for Google Apps or Mail or Docs users, take the time to choose SMS as your method of contact should you have a forgotten password moment. This really makes it hard for any online thief to get to you without physically robbing you. I highly recommend you read the TechCrunch article about the Twitter experience; it SHOULD be eye opening for anyone.
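To show why the 'IT regulars' above are so easy to pick, here is an added example (not part of the original post) of the kind of check a password form can run: it undoes the letter-for-number swaps and flags the habits the post warns about. The word list, the extra substitutions beyond 1, 0 and 5, and the function names are assumptions made for this sketch.

```python
import re

# Swaps named in the post (1 for i, 0 for o, 5 for s) plus a few other
# common ones; the extra entries are an assumption of this example.
LEET = str.maketrans({"1": "i", "0": "o", "5": "s", "3": "e",
                      "4": "a", "@": "a", "$": "s", "7": "t"})

# Constructed sample list; a real check would load a large list of
# commonly used passwords instead.
COMMON = {"password", "admin", "letmein", "welcome", "qwerty", "dragon"}


def normalize(password):
    """Lower-case the password and undo the letter-for-number swaps."""
    return password.lower().translate(LEET)


def weaknesses(password):
    """Return the predictable habits found in a password.

    An empty list only means none of these habits matched; it does not
    prove the password is strong.
    """
    found = []
    # Drop digits/symbols stuck on either end before the word lookup,
    # so "dragon2009" is still recognised as "dragon".
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    if {normalize(password), normalize(core)} & COMMON:
        found.append("common-word")
    # Letters followed only by numbers: "don't just put those numbers on the end".
    if re.fullmatch(r"[A-Za-z]+\d+", password):
        found.append("trailing-digits")
    # The only capital is the first character: "not at the start".
    if re.fullmatch(r"[A-Z][^A-Z]*", password):
        found.append("leading-capital")
    return found


if __name__ == "__main__":
    for sample in ("Pa55w0rd", "adm1n", "dragon2009", "gar7Den"):
        print(sample, weaknesses(sample))
```
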