Rework

{{ show.title }}Trailer Bonus Episode {{ selectedEpisode.number }}
{{ selectedEpisode.title }}
|
{{ displaySpeed }}x
{{ selectedEpisode.title }}
By {{ selectedEpisode.author }}

Summary

"Passwords just aren't cutting it online. It's getting worse. We all feel it." This is what Jeremy from Basecamp's Security, Infrastructure, and Performance team wrote in a February blog post after dealing with a mass-login attack. Intruders with huge lists of login credentials—obtained in previous data breaches—tried using those passwords to access Basecamp accounts. Hear how Basecamp addressed the immediate incident and was also forced to reflect on longer-term plans for customer security in an increasingly insecure age.

Show Notes

Read David Heinemeier Hansson's blog post and Jeremy's follow-up post on the mass-login attack.

Our episode on the Big Integer outage - 00:41

The big Code Red moment starts at 3:06 of this clip but c'mon, just watch the whole thing - 00:48

Jim Mackenzie on Twitter - 1:15

Background on the data breaches at Marriott, Equifax, and Yahoo - 1:53

Jeremy Daer on Twitter - 2:10

"It's a Unix system!" - 7:24

Have I Been Pwned? - 13:47

1Password, LastPass, Dashlane - 14:52

"Clever girl" - 17:24

"I've got the same combination on my luggage!" - 17:29

What is Rework?

A podcast by Basecamp about the better way to work and run your business. We bring you stories and unconventional wisdom from Basecamp’s co-founders and other business owners.