Gizmodo had this interesting article today. I found it apropos because I had a conversation with my wife today about my PayPal account and a random e-mail I got from the company that I needed to reset my password because somebody had been monkeying around. (No worries, no money changed hands. I think it was probably because I hardly ever use the account.) Anyway, she asked if changing our password (which I did) would prevent us from being hacked. I told her “probably not.” I’m sure no hacker is dumb enough to target me on purpose, but a lot of these attacks are more like looting a grocery store. The chances of one individual egg being broken are pretty low, but when there’s so much smashing and grabbing, well, I wouldn’t get too attached to Eggbert.
I am curious as to our resident security expert’s take on the article.
Quick thoughts:
1) Strong passwords are good…unless they’re stored plaintext or encrypted. The advice, however, is good: use a password vault and let it auto-generate passwords.
2) True. With certain devices like routers, the first thing I do is flash the firmware. Hardware manufacturers generally make terrible software.
3) True. Disturbing, but true. There’s research in security economics that indicates that people generally aren’t willing to pay for security.
4) True.
5) True. I’m still a bit concerned about protecting your data in “the cloud.” Certain “the clouds” are better than others.
6) True. Software updates are important.
7) I suppose. I hate using the term “hacker” in this context. Talking about internal threats is important as well, so I agree on this.
8) Kind of true. The headline is bait, as they don’t define “cyberattacks” (a terrible name) and leave it implicit that we’re talking about malicious use of a device in a way which could cause physical harm to an individual, as opposed to threatening their identity or livelihood.
9) True, but irrelevant.
Is there a specific password vault you’d recommend? I’ve heard good things, but haven’t actually tried any of them yet. I assume the idea is that you have an offline program generate passwords?
I like LastPass a lot, but have heard good things about Bruce Schneier’s Password Safe. https://www.schneier.com/passsafe.html
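As an added illustration of the two points raised above (a vault generating passwords locally from a CSPRNG, and a site storing them as a salted slow hash rather than plaintext or reversible encryption), here is a small self-contained Python example. It is not code from any of the products mentioned or from the thread; the character set, the 20-character default and the PBKDF2 iteration count are assumptions chosen for the demonstration.

```python
"""Constructed example: what a password vault does locally (random generation from
the OS CSPRNG) and how a site should store the result (salted, deliberately slow
hash). Standard library only; nothing here touches the network."""
import hashlib
import hmac
import math
import secrets
import string
from typing import Optional

# Assumed character set a vault would draw from: 94 printable ASCII characters.
DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = DEFAULT_ALPHABET) -> str:
    """Pick each character with secrets.choice (CSPRNG), never random.choice."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


# Server side: the site never keeps the password, only salt + PBKDF2 digest.
PBKDF2_ITERATIONS = 600_000  # assumption: a slow setting so guessing is costly


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Salted PBKDF2-HMAC-SHA256. Unlike plaintext or encrypted storage, the
    original password cannot be recovered from the stored record."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "digest": digest.hex()}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the digest for the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["digest"])


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, f"~{entropy_bits(20, len(DEFAULT_ALPHABET)):.1f} bits")
    rec = hash_password(pw)
    print(rec)
    print(verify_password(rec, pw), verify_password(rec, pw + "x"))
```

The generation half is the "offline program" part of the question: nothing leaves the machine, and a 20-character draw from 94 symbols gives roughly 131 bits, far beyond anything a human would memorise. The storage half is why point 1 in the reply matters: a breached database of salted PBKDF2 records forces an attacker to spend 600,000 hash iterations per guess per account, whereas plaintext or encrypted storage hands the passwords over outright once the database (and the key) is taken.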