In case you missed it, here's some news that made the rounds a month or two ago.
The first problem: A variety of websites including LinkedIn and Yahoo! experienced a security breach that exposed some customer email addresses and passwords.
The second problem: Someone took the leaked email addresses and passwords (either from the LinkedIn or Yahoo! breaches, or maybe somewhere else -- it's not clear) and used this info to get into a Dropbox employee account.
Let's pause a second and paint that picture clearly.
Let's say one of these initial security breaches exposed an email address like firstname.lastname@example.org, together with the password 98765. Someone took that leaked pair, went over to Dropbox and tried their luck: They punched in the same email address and password and — presto! — it worked.
Now, the first problem is the responsibility of the websites that you use. (And while we're on the topic, I'll take the opportunity to mention that we take a very proactive approach to security at Wave, getting third-party verifications and certifications, running tests to challenge our security systems, and much more.)
But let's look at the second part of this chain: If the Dropbox employee in question had used a different password for his employee account than he did for whatever site first experienced the leak, this second stage would never have happened.
So the question arises: How often do people re-use their login passwords? A security issue at Sony last year revealed that 92% of people used the identical password for multiple sites. Are you one of the rare 8% with better security practices?
If not, the risk is obvious: a security lapse at one website you use could open up your account on every other website where you used the same password. In essence, by reusing your password, your most private information is only as safe as the weakest website you use. And that's not good.
There's a reason Wave goes to extraordinary lengths to provide solid security: Your financial information is important. But if you use the same password for Wave as you use for some insecure social site, or to comment on a blog, or anything like that, you're exposing yourself to unnecessary risk.
So I'm urging you to make sure you use good online password habits, especially when it comes to sites like Wave that manage your financial data. Use passwords that are hard to guess. Don't leave your password written down somewhere, or saved in a file on your computer. And please use a different password for each of the websites you visit, especially for those that contain sensitive information.
"How am I going to remember a different password for every site without writing it down," you may wonder. Here's a suggestion from Mozilla.