Amazon.com is using the same encryption method as Gawker did to store passwords of old accounts. Why should you care? If you’ve had an amazon.com account for many years and are still using the same password, you don’t need to enter your exact password to get access to your account! Here are some examples:
- If your password is less than 7 characters or less, your password is not case-sensitive. I’ve had an account with Amazon since about the time they launched and have never changed my password. My password was 7-characters long, lets call it “flicker”. I was able to login to my account with “FLICKER”, “FLICKer”, etc.
- If your password is 8 characters or more, not only is your password not case-sensitive, but any character(s) you add after the 8th character will still let you into your account. The encryption method used truncates passwords to 8 characters and disregards anything after that. So if your password is “ilovejustinbieber”, anything you type after the letter “s” doesn’t matter. For example, “ilovejustinlong” and “ilovejustintimberlake” will work the same as if you had typed in “ilovejus”.
My recommendation: change your password.
[via: Wired]