Zappos Security Breach Affects Millions; Are Passwords Necessary?

More on Password Debate

In a piece for Wired, Robert McMillan lays out our long, conflicted relationship with the password. What started as an easy solution to access our lives online has spiraled out of control. We are now forced to remember more passwords than ever, many containing nonsense symbols and a mix of capital letters and numerals. What’s more, security safeguards just don’t cut it anymore. Passwords are often the weakest link in a network, which hackers exploit regularly.

“Passwords have given websites a cheap and relatively secure way to quickly sign up millions of users, but the computer industry needs to treat them with a little more respect,” writes McMillan.

Passwords may not be going away, but users should have, AT MOST, one to remember. And that password shouldn’t be absurd — no minimum and maximum length, no required special characters, no wingdings, no caps, no numerals. Users should be able, through single sign-on, to easily access all business and personal applications used on a daily basis.

Hackers Attack Zappos, Millions Affected

If you’re one of Zappos’ 24 million users, you likely received CEO Tony Hsieh’s email over the weekend telling you that hackers breached one of the company’s servers, exposing a slew of personal information (email, shipping and billing addresses; passwords; phone numbers; last four digits of credit cards).

Zappos hasn’t yet released the cause of the breach, but CIO Today, quoting security experts mulling the causes and consequences of the breach, noted that browsers remain a critical weak point. Another company for the timeline …

Security Breach Timeline