Interesting article at:
Seriously? “it’s critical that different passwords are used for different accounts” ?
What ever happened to usability? Real users are human beings, who have enough trouble remembering a single password that changes every couple of months, never mind 20 different passwords.
It’s better to:
(a) synchronize passwords
(b) make the single password strong
(c) change the single password often
(d) find and replace applications where the password database might be compromised
The real problem at HBGary (aside from the unpleasant contract they took on) was their use of a vulnerable CMS. Come on guys – that’s just dumb. Ever heard of vulnerability management? HIDS? NIDS? *That* is where the domino effect started.