23 March 2015

Twitch Accounts Were (Quite Likely) Compromised

It seems Twitch accounts have been compromised (again), as I got this e-mail from them:

"We are writing to let you know that there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password (which was cryptographically protected), the last IP address you logged in from, and any of the following if you provided it to us: first and last name, phone number, address, and date of birth.
For your protection, we have expired your password and stream keys. In addition, if you had connected your account to Twitter or YouTube, we have terminated this connection.
You will be prompted to create a new password the next time you attempt to log into your Twitch account. If applicable, you will also need to re-connect your account to Twitter and YouTube, and re-authenticate through Facebook, once you change your password. We also recommend that you change your password at any other website where you use the same or a similar password.
We apologize for this inconvenience.
The Twitch Team"

and there is an official blog entry on their page:
 http://blog.twitch.tv/2015/03/important-notice-about-your-twitch-account/

WHAT TO DO:

  • As always, if you used your Twitch password anywhere else, you had better change it in every place where you used it.
  • If you struggle with remembering passwords, use a tool like KeePass to store them (it can also generate random, secure passwords).
  • How long should a password be? Well, these days it should be at least 13-15 characters.
  • If you use complicated passwords and store them in KeePass, then:
      • For services that you use often, create a password that is easy to remember but hard to guess. What do I mean? Check this page for clues on how to make a good, secure password: http://preshing.com/20110811/xkcd-password-generator/
      • For important services like your bank, you need to create a long, complicated password (use the KeePass generator), and NEVER EVER USE AN ONLINE PASSWORD GENERATOR!

Why is an 8-character password not strong enough?
 Well, because in the worst-case scenario it can be guessed in 2 days by almost anybody who knows how to brute-force a password.
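
To put numbers on the length advice above, here is an added example (not part of the original post, and not KeePass's own generator) that creates a password locally with the operating system's CSPRNG and scales the 2-day figure for 8 characters up to 13 and 15 characters. It assumes passwords are drawn uniformly from the 94 printable ASCII characters and that the attacker's guess rate stays constant; all function names are illustrative.

```python
import math
import secrets
import string

# Assumption: passwords are drawn uniformly from 94 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
SECONDS_PER_DAY = 86_400


def random_password(length=15):
    """Generate a password locally with the OS CSPRNG (no online generator)."""
    if length < 13:
        raise ValueError("the post recommends at least 13-15 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


def implied_guess_rate(length=8, days=2):
    """Guesses per second needed to try every `length`-char password in `days`."""
    return len(ALPHABET) ** length / (days * SECONDS_PER_DAY)


def worst_case_days(length, rate):
    """Days needed to exhaust the whole keyspace at `rate` guesses per second."""
    return len(ALPHABET) ** length / rate / SECONDS_PER_DAY


if __name__ == "__main__":
    # Rate implied by the post's figure: 8 characters exhausted in 2 days.
    rate = implied_guess_rate()
    print(f"implied rate: {rate:.2e} guesses/s")
    for n in (8, 13, 15):
        print(f"{n:>2} chars  {entropy_bits(n):5.1f} bits  "
              f"worst case {worst_case_days(n, rate):.3g} days")
    print("sample:", random_password())
```

Each extra character multiplies the worst-case time by 94, so at the same guess rate a 13-character password takes 2 × 94^5 days to exhaust instead of 2.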