The Top 50 Gawker Media Passwords
wiredmikey writes "Readers of Gizmodo, Lifehacker and other Gawker Media sites may be among the savviest on the Web, but the most common password for logging into those sites is embarrassingly easy to guess: "123456." So is the runner-up: "password." On Sunday night, hackers posted online a trove of data from Gawker Media's servers, including the usernames, email addresses and passwords of more than one million registered users. The passwords were originally encrypted, but 188,279 of them were decoded and made public as part of the hack. Using that dataset, we found the 50 most-popular Gawker Media passwords."
The idea that a password is necessary for such an account is idiotic. No one cares about hacking it (or if you do, then you have an unhealthy obsession with TV).
Gawker is a similar timewaster. Wasting your brain power to create/remember a good password for it is foolish.
I see nothing wrong with using "123456" or "password" for it. I am also pretty sure that most intelligent people that use stupid passwords for stupid web sites don't use stupid passwords for their bank account or their primary email (but maybe for an email they feed to spammers that offer 'deals' if you give them your email).
One of my disposable passwords was exposed in the leak. (You can search the cracked list. My username is listed, along with a pass circa 2007.)
And today, after checking my lists, I realized that I used the same password on both Slashdot (frequented!) and Digg (haven't visited since v4). Whatever, I changed it on both of these sites. I didn't bother touching it on Gawker now that I know I can't trust them to actually understand password security.
that people probably don't care if someone steals their "commenting" account password.
The only reason to create it in the first place was because they just wanted to show their nick.
I bet if someone checked Washington Post account database passwords, there'd be the same amount of "Blahblahs" and "F*ckoff123"
I use a system I call "tiered passwords". Since there's no way I can remember 20+ unique passwords for all the things that require them, I split them into tiers. Bottom tier is stuff I really don't care if you steal - I use it for Imageshack, Gawker, /., etc. Middle tier is the more important ones - I don't like you using it, but it won't ruin my life if you get access. That's a slightly more complex password (9 characters instead of 6), and I use it for my user-level computer accounts, GMail, etc. Finally, my top-tier accounts are for things that would really be terrible if someone were to get access: my root account and my bank account. That's a 20-character password, pretty much uncrackable unless the NSA gets involved.
This way, I have damage control. If something gets compromised, it's not going to affect as much. Gawker gets hacked, I change my password for a dozen websites, but don't have to worry about my email being stolen or my bank account being drained. Likewise, if someone does manage to hijack my email account, I can tell people over Facebook that it happened, and not to trust that email address anymore. Yes, it's still not as secure as unique passwords for every site, but it's significantly easier on the memory.
That's what OpenID delegates are for. I have a page set up that I log in to OpenID sites with, and that page contains metatags to forward to the provider of my choice. Provider goes down, I can switch internally and never change my login URL.