Makes you wonder how secure mobile apps are in general as the user can't determine the connection state, unlike a browser window by looking at the URL or seeing the padlock in the corner.
I don't want to alarm anyone, but so does this site. If you're not using unique passwords for every site you use then you really should consider doing it. Tools such as 1Password make it ridiculously easy; there really is no excuse.
Another way is to hash a "salt" password with the domain (or something site specific). So if my salt was "assword" and I put the last 4 characters from the domain name interspersed at the end of my password it would look like this: asswaotrodr. Giving you a unique and complicated password for every site.
"Salting" it in that way doesn't increase your security by much? If they looked at your password, once they obtained it, how long would it take them to figure out what you were doing, and thereby be able to derive all your other passwords?
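An added example, not part of either comment above: the interleaving scheme as described, a check showing that one exposed password plus its domain yields the shared base, and a slow keyed hash of the domain for contrast. The domain labels "ycombinator" and "example", the function names, and the choice of PBKDF2 with 200,000 iterations are assumptions made for illustration.

```python
import base64
import hashlib

N = 4  # number of domain characters the comment's scheme uses

def interleaved_password(base: str, domain_name: str) -> str:
    """Weave the last N characters of the domain name into the tail of base.
    Assumes len(base) >= N - 1, as with the comment's "assword"."""
    tag = domain_name[-N:]
    tail = base[-(N - 1):]
    out = [base[:-(N - 1)]]
    for i, ch in enumerate(tag):
        out.append(ch + tail[i:i + 1])  # the last tag character has no partner
    return "".join(out)

def strip_site_tag(password: str, domain_name: str):
    """Return the shared base if password follows the scheme for domain_name,
    else None. This is the weakness raised in the reply: the site-specific
    part is public, so removing it leaves the secret."""
    tag = domain_name[-N:]
    if len(tag) < N or len(password) < 2 * N - 1:
        return None
    slots = [len(password) - 1 - 2 * k for k in range(N)]  # tag positions, last first
    if any(password[p] != tag[N - 1 - k] for k, p in enumerate(slots)):
        return None
    return "".join(c for i, c in enumerate(password) if i not in slots)

def hashed_password(master: str, domain_name: str) -> str:
    """Per-site password from a slow hash of the master secret, salted with
    the domain. One output does not reveal the master or any other output."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(),
                              domain_name.encode(), 200_000, dklen=16)
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

if __name__ == "__main__":
    leaked = interleaved_password("assword", "ycombinator")  # constructed sample
    print("interleaved:", leaked)
    print("base recovered from one exposure:", strip_site_tag(leaked, "ycombinator"))
    print("hashed:", hashed_password("assword", "ycombinator"))
```

The hashed form still depends on the master secret being hard to guess; the iteration count only raises the cost of each guess.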
Millions of passwords are moving around in plain text at any given moment in time. Most websites do not have an SSL certificate. Heck, those websites are primarily built by people sending the files containing plain text database passwords to FTP servers with plain text login credentials. Why is this so surprising all of a sudden that these notices keep popping up on HN?
At goodpassword.com you have several password generators to create random passwords, having in mind features to easily remember them. It's an inexpensive subscription service and includes a free trial. Give it a try. Thanks, David J.