Well, I logged in at work today to find my identity had been ’stolen’ at eBay. Someone had guessed my password (not really that hard to do) and changed the e-mail address. They had then begun spamming sellers asking if they would “ship overseas” (you can almost smell the scam!). So, I changed the e-mail on the account, removed the credit cards, changed the password, etc.

I also began using something I should have started using a while back that Ian has blogged about before: KeePass. It stores all your passwords and uses a secure password to gain access to them all. When you just have to remember that one, you can make it longer and more cryptic. It’s very doubtful you’d guess this one unless you’ve been gaming with me a long time, and even then it’s not likely since I’ve used the trick of changing some letters to numbers. Plus, that password only works on the encyrpted db file on your pc, it’s not worth anything out in the wild on the net.

I then began changing my passwords (since they were all the same) at various sites to longer, harder to remember/guess, unique passwords, changing firefox to no longer store passwords or form values, and deleting saved forms of payment from websites. It’s going to be a big pain, but it will keep my info much more secure. I’ve just been lazy a long time and enjoyed having everything simple and automated, but the risk of that approach is just what happened today.